Wordle craze gives fodder for easy prey to cyber attackers

Wordle craze gives fodder for easy prey to cyber attackers
14 Jan, 2022

Wordle is literally everywhere right now, so naturally, hackers and scammers have followed suit. The latest game that has gained momentum, particularly in the past few weeks, is a seemingly innocuous word game -- but within its short existence, has led to the issuance of security advisories and tech giants being called into action. 

If you haven’t played yet, Wordle is a quick, easy word game that puts your vocabulary and intuitive judgement skills to test. Developed by Josh Wardle, the name ‘Wordle’ is a spin on his own surname.  

In the game, users get six chances to get a five-letter word of the day right. 

You begin by taking a wild guess on the first word. Grey letters in the word indicate that the corresponding letter is not in the right word. Subsequently, a yellow letter indicates that the letter is present in the word, but you haven’t placed it correctly. A green letter shows that you’ve got the right one at the right place. 

Scammers and hackers around the world naturally stepped up and took notice of the growing trends mentioning Wordle on social media.  

Over the past week, as Wordle gained popularity, both the Google Play Store and Apple’s iOS App Store were flooded by Wordle apps -- some free and ad-supported, while the others charged an outright amount for users to buy the app. 

One of the very first clones of the app was built by developer Zach Shakked, who cloned every bit of the original game and published it on Apple’s app store with a $30 per year subscription fee.  

Also read: Indian gaming firms foray into blockchain, NFTs, in games

According to reports, Shakked subsequently faced social media backlash for bragging about how Wardle, the original developer of the game, cannot take any recourse for him doing so as the game is not copyrighted on the App Store. Since then, the developer has pulled the game off the App Store shelves. 

Numerous other clones also cropped up across Apple and Google’s platforms, some being free to play as well. According to reports, Apple has banned most apps that were cashing in on the Wordle craze. However, TechCircle can confirm that in India, at least a couple such apps are still live, and even more clones are live on the Google Play Store. 

As many security incidents have repeatedly illustrated, such trends are field days for cyber attackers to gain unauthorised access to users’ devices, force malware downloads on their devices, get remote control to steal data for blackmailing or credentials of banks and credit cards, and so on. In specific cases, scammers simply cash in on a trend to earn quick bucks through subscription services of apps that are originally free. 

Adware serving as backdoors for malware, particularly on Android devices, is a common cyber security threat. Such threats typically use innocuous apps to serve ads to users, and use flaws and loopholes exploited by these apps to download malware from a remote server. As a result, users are advised against downloading any such app.

At the time of writing, Wordle remains available only as a browser-based web app that has no ads and is free to play. Reports have quoted its creator Wardle, as saying that he has no plans to monetise the game through a subscription service or ads, at any point of time.