A popular app has been removed from the Google Play Store after discovering that it distributed Trojan malware on Android phones to millions of users via an update.
Until recently, Barcode Scanner was a simple app that provides users with a basic QR code reader and barcode generator, which is useful for things like making purchases and redeeming discounts. The app, which has been around since at least 2017, is owned by developer Lavabird Ldt. , And it claims to have over 10 million downloads, as shown Wayback Machine.
Recently, however, a malicious activity log has been traced back to the app. Users began to notice that something strange was going on with their phones: their default browsers were getting hacked and redirected to random ads, apparently out of nowhere. For many people, it was not clear what caused the outage, as not many have downloaded any apps recently. After enough angry victims wrote about their experiences on a web forum, one user finally referred to the barcode as the culprit.
Malwarebytes researchers verified that a scanner was the culprit, and posted the New report This indicates that this application has introduced malware to serve ads on users’ phones, most likely by updating the application last December. The researchers said the update corrupted the previously harmless application, moving it from an “innocent scanner to an application full of malware”.
The researchers were able to distinguish the ad malware present in the barcode from the basic ad SDKs (programs user By publishers to launch ads within the app for monetization purposes). In the case of a barcode scanner, they are two completely different things. The researchers say that whoever injected the malicious code was able to hide its existence, adding that the app appears to have been intentionally switched from a normal application to a malicious application with malware through the update. According to the analysis:
It’s terrifying that with an update the app can become malicious as it goes unnoticed by Google Play Protect. We are confused that an app developer with a popular app can turn it into malware. Was this the plan from the start, to have an idle app, waiting for the attack after it hits popularity? I guess we’ll never know.
While Google has removed Barcode Scanner from its app store, it has not disappeared from the affected devices. Users of the application have to uninstall it manually from their phones.
The owner of Barcode Scanner, Lavabird Ltd. is registered. , At an address in London, according to Records Available online. The director of the company, Dmytro Kizima, resides in Ukraine.