Bad Pigs removed from Google Play after 10k users download bogus app

Share this article:
"Bad Pigs" removed from Google Play after 10k users download spurious app
"Bad Pigs" removed from Google Play after 10k users download spurious app

Scammers planted a malicious app in the Google Play store for Android users and designed it to look like a popular app called Bad Piggies.

The spurious app, called Bad Pigs, shows the same photo as the legitimate app when searched in Google Play. Bad Piggies is a spinoff game for fans of the Angry Birds app.  

Bad Pigs has been installed more than 10,000 times since May 25, a concerning rate given the fact that the app redirects users to unwanted ads, including one that links to a fake anti-virus scan that charges users €15 a week (or about $20) for the service, Sean Sullivan, a security adviser at Finnish security firm F-Secure, said in two blog posts this week.

The anti-virus ad is written in Finnish and also directs users to enter their phone number, which can be used for future malicious acts.

In addition, the app can gain numerous permissions on mobile devices, including creating desktop icons that link to ad sites, displaying ads in the Android notification bar, and creating bookmarks in the user's browser. The app can also access users' browsing history, determine their location via GPS and access other account information, including email addresses.

Dan Stokes is listed as the developer of Bag Pigs, as opposed to Rovio Mobile, the maker of the legitimate Bad Piggies game. The contact email for Stokes was hgfdhsdgjhd [at] gmail.com, another red flag, Sullivan said.

Under Stokes' page, two other apps for Android named Fruit Chop Ninja and Paper Toss 2 were also listed.

In a Friday email to SCMagazine.com, a Google spokeswoman confirmed the apps in question were removed from the Google Play store.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.