Really Bad Piggies: Disguised malware piggybacks on Google Play
This is one really, really bad piggy: a fake app that a tech site said could have malicious potential briefly piggybacked on Google Play before it was yanked out, a security vendor said this week.
F-Secure said the clone of "Bad Piggies," a popular spinoff of the monster hit "Angry Birds," made its way to Google Play and even got more than 10,000 installs since May 25.
"Our Mobile Security product detects and blocks this as Android/FakeInst.CI ... We've reported the issue to Google (and Rovio) and the apps are no longer indexed by Google's search," it noted in a blog post.
But it noted Android app portal AppBrain briefly ranked the fake app, which called itself "Bad Pigs," first on its list.
On the other hand, F-Secure noted AppBrain had listed several concerns, including asking for extra permissions such as:
- adding ad icons on the desktop
- pushing ads in the Android notification bar
- adding ad bookmarks in the browser
- discovering accounts and getting email addresses
- accessing browsing history
- may share user's location
The permissions it seeks include the user's personal information, location, network communication, accounts, storage, phone calls, hardware controls and system tools.
"Boy, that's a long list of extra permissions. These particular piggies aren't just bad — they're evil," F-Secure said.
F-Secure also noted "Dan Stokes," the author of the app, has other apps including "Fruit Chop Ninja," which it said also has more than 10,000 installs.
A separate article on PC Magazine said F-Secure's chief researcher Mikko Hypponen had noted Trojanized apps, though rare, were among the most dangerous threats for Android users.
It also quoted Sean Sullivan, a security advisor with F-Secure, as saying this app was "particularly tricky."
"The fake installer app isn't classified as 'malicious,' which is may be why it got past Google's bouncer," said Sullivan, referring to Google's automated system for scanning developer's apps.
PC Mag also noted that while it is not quite clear what Stokes was up to, the huge number of permissions requested by the app provokes concern.
PC Mag advised those who had downloaded and installed the app to "find it and delete it using the Android App Manager found in the Settings menu." — TJD, GMA News