It’s a pig-eat-pig world out there – at least on the mobile app threat front. Right after reports of malicious Bad Piggies on Google Chrome Web Store circulated, we found that certain developers also released their own, albeit rogue versions of the said gaming app.

On the heels of Bad Piggies‘ launch last month, we saw rogue versions of the game on specific web pages hosted on Russian domains. However, these versions are not affiliated at all with the game. Based on our analysis, these apps are verified as malicious, specifically premium service abusers, which send SMS messages without user consent and leaves users with unnecessary charges.

Slicing Through Malicious Bad Piggies Version

During our research, we used the keyword “Bad Piggies” and encountered 48 Russian domains. Among these sites is piggies-{BLOCKED}d.ru, which appears as an app download page.

The said site offers the said app on different platforms. Instead of the actual Bad Piggies app, users instead download a malicious .APK file detected as ANDROIDOS_FAKEINST.A. Once installed, it creates a shortcut on the device’s homepage and sends SMS messages to specific numbers. As mentioned, these messages are sent without user consent and may cost users to pay extra for something they didn’t authorize.

Read the rest of this entry »