A popular app has been removed from Google Play Store after it was discovered that it distributed Trojan malware on Android phones to millions of users through an update.
Until recently, Barcode Scanner was a simple app that provides users with a basic QR code reader and barcode generator, which is useful for things like making purchases and redeeming discounts. The app, which has been around since at least 2017, is owned by developer Lavabird Ldt. , And it claims to have over 10 million downloads, as shown Wayback Machine.
Recently, however, a malicious activity log has been traced back to the app. Users began to notice that something strange was going on with their phones: their default browsers had been hijacked and redirected to random ads, apparently out of nowhere. For many people, it was not clear what caused the outage, as not many have downloaded any apps recently. After enough angry victims wrote about their experiences on a web forum, one user finally referred to the barcode as the culprit.
Malwarebytes researchers verified that a scanner was the culprit, and posted the New report This indicates that this application introduced malware that produces ads on users’ phones, possibly through the application update last December. Researchers said the update corrupted the previously harmless app, moving it from an “innocent scanner to an app full of malware.”
The researchers were able to distinguish the ad malware present in the barcode from the basic ad SDKs (programs user By publishers to launch ads within the app for monetization purposes). In the case of Barcode Scanner, they are two completely different things. Researchers say that whoever injected the malicious code was able to hide its existence, adding that the application appears to have been intentionally switched from a regular application to a malicious application with malware through the update. According to the analysis:
It’s terrifying that with an update the app can become malicious as it goes unnoticed by Google Play Protect. We are confused that an app developer with a popular app can turn it into malware. Was this the plan from the start, to have an idle app, waiting for the attack after reaching popularity? I guess we’ll never know.
While Google has removed Barcode Scanner from its app store, it has not disappeared from the affected devices. Users of the application have to uninstall it manually from their phones.
The owner of Barcode Scanner, Lavabird Ltd. is registered. , At an address in London, according to Records Available online. The director of the company, Dmytro Kizima, resides in Ukraine.