Alert! This Android App May Have Served up Malware to Millions of Users
A Google Play Pass app called “Barcode Scanner” has been accused of spamming millions of users with many unwanted adverts.
It has been noticed that Google Play Pass app barcode scanner app went from legitimate to malicious with just one update
The news came in from users that are on the forum of security firm Malwarebytes, who began noticing that ads were randomly opening in their web browsers on their Android devices.
Developer LavaBird LTD’s app Barcode Scanner has been allowing users previously to scan QR codes and to also generate barcodes before it received an update in the month of December last year. After the update though, the app that was once an innocent scanner turned into full on malware.
The Barcode Scanner app then began to open users’ default browsers and showing them ads for other Application and also was recommending that they upgrade apps that are already installed on their devices in order to boost their performance.
This app in question had over 10 million installs on the Google Play Store before it was taken down, although some the users may still have it installed on their devices.
In order to provide apps to users for free, many of the free apps on Google Play include some kind of in-app advertising by imputing an ad SDK in their code. However, sometimes an ad SDK can change somethings or some settings on their end that makes their ads become more aggressive and starts malfunctioning. Sometimes these changes that occurs can even turn an app into adware.
However, this wasn’t the case with Barcode Scanner, as the malicious code added in the update was not found in previous versions of the app. Malwarebytes also made a discovery that the added code used heavy obfuscation making it hard and to avoid detection. The cybersecurity firm also detected and verified that the update came from LavaBird LTD by confirming that it had been signed by the same digital certificate as previous versions of the app.
Due to the act of Barcode Scanner’s obvious malicious intent, Malwarebytes is looking even further into the app’s code to find out a trojan in the form of Android/Trojan.HiddenAds.ADQR.
1. The Users that still have Barcode Scanner installed on their devices should quickly delete the app immediately to avoid being served unwanted and even malicious ads in their browsers.
2. There are some best antivirus apps that are best available for your Android phone.
3. Keep your devices free from virus with the best malware removal software.
4. Also try to check out some roundup of the best ransomware protection.