Internet related News · 2021-02-08

Barcode Scanner app on Google Play infects 10 million users with one update – News


Cybersecurity firm Malwarebytes has reported that the mobile app “Barcode Scanner” was found to contain malware after an update in December 2020 and was subsequently pulled by Google.

In a blog post, Malwarebytes said Barcode Scanner had been installed by thousands of users over a long period. Then, all of a sudden, after an update in December, Barcode Scanner had gone “from an innocent scanner to full on malware.”

The team at Malwarebytes pointed out that removing an app from the Google Play store does not necessarily mean it will be removed from affected mobile devices. Unless Google Play Protect removes it after the fact, it remains on the device. This is exactly what users are experiencing with Barcode Scanner. Thus, until they install a malware scanner like Malwarebytes for Android, or manually remove the app, it will continue to display ads, said Malwarebytes.

How Did This Happen?

According to Malwarebytes, the majority of free apps on Google Play include some kind of in-app advertising. They do this by adding an ad SDK to the app’s code, usually at the end of the app’s development. Paid-for versions simply do not include this SDK.

Ad SDKs come from various third-party companies and provide a source of revenue for the app developer. It’s a win-win situation for everyone: users get a free app, while the app developers and the ad SDK developers get paid.

But every once in a while, an ad SDK company changes something on its end and the ads start getting a bit aggressive, sometimes even landing the apps that use the SDK in the Adware category. When this happens, it is not the app developers’ doing, but the SDK company’s.

But that is not what happened with Barcode Scanner, claimed Malwarebytes.

No, in this case, malicious code had been added that was not in previous versions of the app. Furthermore, the added code used heavy obfuscation to avoid detection. To verify that the update came from the same app developer, the Malwarebytes team confirmed it had been signed by the same digital certificate as previous clean versions. Because of its malign intent, the team moved it past its original detection category of Adware straight to Trojan, under the detection name Android/Trojan.HiddenAds.AdQR.
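The certificate-continuity check described above, as an added example (not Malwarebytes’ own tooling): it reads the v1 (JAR) signature block of an APK, fingerprints each embedded certificate, and compares two versions, which is how a defender confirms an update was signed with the same key as the last clean build; as this case shows, the same key does not mean the update is clean. It assumes v1 signing only (the v2/v3 APK Signing Block is not parsed), and the sample APKs and “certificates” are constructed stand-ins, not real ones.

```python
import hashlib, io, zipfile

def _tlv(b, p):                                    # decode one DER tag/length -> (tag, value_start, value_end)
    tag, ln, p = b[p], b[p + 1], p + 2
    if ln & 0x80:                                  # long-form length (real certificates need this)
        n = ln & 0x7F
        ln, p = int.from_bytes(b[p:p + n], "big"), p + n
    return tag, p, p + ln

def der(tag, body):                                # DER encoder, only used to build the constructed sample
    n = len(body)
    if n < 0x80: return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def cert_fingerprints(pkcs7):                      # SHA-256 of each certificate in a PKCS#7 SignedData blob
    _, p, _ = _tlv(pkcs7, 0)                       # ContentInfo SEQUENCE
    _, _, p = _tlv(pkcs7, p)                       # skip contentType OID
    _, p, _ = _tlv(pkcs7, p)                       # [0] EXPLICIT content
    _, p, _ = _tlv(pkcs7, p)                       # SignedData SEQUENCE
    for _ in range(3):                             # skip version, digestAlgorithms, encapContentInfo
        _, _, p = _tlv(pkcs7, p)
    tag, c, cend = _tlv(pkcs7, p)
    if tag != 0xA0:                                # certificates [0] IMPLICIT is optional
        return []
    fps = []
    while c < cend:                                # each child is one DER-encoded Certificate
        _, _, nxt = _tlv(pkcs7, c)
        fps.append(hashlib.sha256(pkcs7[c:nxt]).hexdigest())
        c = nxt
    return fps

def apk_signer_fingerprints(apk):                  # fingerprints of all v1 signing certificates in an APK (bytes)
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {fp for n in z.namelist()
                if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
                for fp in cert_fingerprints(z.read(n))}

def same_signer(old_apk, new_apk):                 # True only for the same, non-empty certificate set
    old = apk_signer_fingerprints(old_apk)
    return bool(old) and old == apk_signer_fingerprints(new_apk)

def fake_apk(cert_body, signature):                # constructed sample: minimal APK with a synthetic PKCS#7 block
    signed = der(0x30, der(0x02, b"\x01") + der(0x31, b"") + der(0x30, der(0x06, b"\x2a\x03"))
                 + der(0xA0, der(0x30, cert_body)) + der(0x31, der(0x30, der(0x04, signature))))
    pkcs7 = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02") + der(0xA0, signed))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", signature)       # stand-in for the app code
        z.writestr("META-INF/CERT.RSA", pkcs7)
    return buf.getvalue()

CLEAN_V1 = fake_apk(b"developer-cert-A", b"sig-over-v1")      # hypothetical last clean build
UPDATE_V2 = fake_apk(b"developer-cert-A", b"sig-over-v2")     # same key, new code (the Barcode Scanner pattern)
REPACKAGED = fake_apk(b"attacker-cert-B", b"sig-over-v2")     # different key: not the original developer
```

A matching fingerprint only establishes who signed the update, so the content of a new version still needs review. For production use, `apksigner verify --print-certs` covers v2/v3 signatures as well.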

Malwarebytes said it was hard to tell just how long Barcode Scanner had been in the Google Play store as a legitimate app before it became malicious. However, based on the high number of installs and user feedback, the firm suspects it had been there for years.

Image credit: Malwarebytes
