Technology

Barcode scanner in Google Play Store became malware after years of popularity, researchers say

The Barcode Scanner app had 10 million downloads without serious complaints, but an update in December brought a trojan with it, Malwarebytes says.

By Joe Warminsky

February 8, 2021

(Getty Images)

An app with more than 10 million downloads from the Google Play Store recently took a hard turn to the dark side, according to antivirus company Malwarebytes.

The Barcode Scanner app had appeared in the store for years, but in December it became clear that it “had gone from an innocent scanner to full on malware,” writes Nathan Collier, a researcher for the Silicon Valley company.

Malwarebytes said Google Play removed the app in early December after users reported that it was opening the default web browsers on phones to serve up ad pages — without any direct action by the device owners themselves. The company is labeling the malicious code as a trojan.

“It is frightening that with one update an app can turn malicious while going under the radar of Google Play Protect,” Collier writes.

The researcher makes a clear distinction: There are many ways apps can go from innocent to annoying with behavior that serves up advertisements. One example is an app whose software developer kit (SDK) allows for third-party companies to display ads within the app itself. That’s a common way for developers to monetize their creations, especially for a “free” version of an app. Sometimes the ads served up through those connections can become a nuisance, though, earning an app the label of “adware.”

In this case, Barcode Scanner’s SDK wasn’t the problem. This was more than just adware. Malwarebytes says it appears that the browser-opening code came from within the core Barcode Scanner software itself.

“[M]alicious code had been added that was not in previous versions of the app,” the researcher writs. “Furthermore, the added code used heavy obfuscation to avoid detection. To verify this is from the same app developer, we confirmed it had been signed by the same digital certificate as previous clean versions.”

Malwarebytes says the app’s listed publisher is LavaBird LTD. A London-based company with that name says it specializes in “development and monetization of mobile games and applications.” The company’s website has no mention of Barcode Scanner.

The antivirus company notes that an app’s removal from the Google Play Store does not delete it from a user’s Android device.

Barcode scanner in Google Play Store became malware after years of popularity, researchers say

More Like This

Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’

House hurtles toward showdown over expiring surveillance tools

For Magecart groups and other credit-card skimmers, old and new opportunities abound

Top Stories

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

CISA ransomware warning program has sent out more than 2,000 alerts

Campaigns and political parties are in the crosshairs of election meddlers

More Scoops

State-sponsored Iranian hackers uploaded fake VPN app to Google’s Play store, posed as university officials

Baidu apps in Google Play Store left users vulnerable to tracking, Palo Alto finds

Another ‘Minecraft’ lesson for kids: Beware of deceitful adware apps

Scammers are abusing mobile ad networks in an attempt to phish Android app users

Scammers tried using kids apps in the Google Play store to generate cash

Google gives the boot to more malware-laden apps posing as games for kids

Scammers are using Play Store apps to serve ads that nobody can escape

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics