Android App Barcode Scanner Transformed Into Malware Before Google Removed It

After gathering over 10 million downloads, a previously innocent Android app Barcode Scanner turned into malware. The app turned malicious after a recent update that added malicious codes to the app. Upon receiving attention, Google removed the app from the Play Store.

Barcode Scanner Android App Became Malware

According to a Malwarebytes Lab post, the Android app with over 10 million downloads Barcode Scanner, turned into malware.

The app from LavaBird Ltd. possibly existed on the Play Store for several years. It attracted immense attention and the users had no problem using the app.

However, the app suddenly started exhibiting malicious behavior as it barraged users with ads.

Malwarebytes analysis reveals that the app turned into a malware possibly after receiving the December 2020 update.

While, in most cases, the free apps bear an ad SDK primarily managed by the advertisers. As triggered, the SDK shows ads to the users, sometimes, aggressive ones as well.

However, in the case of Barcode Scanner app, the problem wasn’t with the SDK. Rather the app itself received a malicious code from the developers after the update. The code also exhibited heavy obfuscation possibly to evade detection. As stated in the post,

In the case of Barcode Scanner, malicious code had been added that was not in previous versions of the app. Furthermore, the added code used heavy obfuscation to avoid detection. To verify this is from the same app developer, we confirmed it had been signed by the same digital certificate as previous clean versions.

It remains unclear why an initially harmless app went malicious after existing on the Play Store for so long.

Google Removed The App From Play Store

The malicious Barcode Scanner app no more exists on the Play Sore as Google removed it.

However, this app with over 10 million downloads might still be running on users’ devices.

Therefore, all Android users should manually check their devices to find if this app is installed and running. If found, users must ensure uninstalling the app at the earliest.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil