Security research firm Malwarebytes said that one of its forum users reported a malicious app, “Barcode Scanner,” published by LavaBird LTD, which has over 10 million installations on the Google Play Store.
Several users who downloaded the app reported that unwanted ads were displayed in the default browser on their Android devices without their consent. Malwarebytes stated that the app remained harmless for a long time and suddenly turned malicious after an update released on December 4, 2020. It is suspected that the app developer intentionally added the malicious code (Android/Trojan.HiddenAds.AdQR) in that update; the code was not present in previous versions of the app.
The app has been taken down from the Google Play Store after Malwarebytes reported the issue. However, users who still have the app installed on their devices remain vulnerable. “Removing an app from the Google Play store does not necessarily mean it will be removed from affected mobile devices. Unless Google Play Protect removes it after the fact, it remains on the device. This is exactly what users are experiencing with Barcode Scanner,” Malwarebytes said.
Scanner Turns Malicious!
While it is unknown how long the Barcode Scanner app had been in the Google Play store as a legitimate app before it became malware, it’s suspected that it had been there for years, based on the high number of installs and user feedback.
“It is frightening that with one update an app can turn malicious while going under the radar of Google Play Protect. It is baffling to me that an app developer with a popular app would turn it into malware. Was this the scheme all along, to have an app lie dormant, waiting to strike after it reaches popularity? I guess we will never know,” Malwarebytes added.
Users who are still using the app are advised to remove it manually to avoid any suspicious activity.