Monday, October 18, 2021

Update to Popular Barcode Scanner App Turns Into Adware Nightmare on Android

(Credit: Pixabay)

Users of a barcode scanner app on the Google Play Store got a nasty surprise in December when it began generating adware on potentially millions of Android phones. 

The free app, known simply as Barcode Scanner, comes from Lavabird, a little-known developer, but has been downloaded more than 10 million times from the Google Play Store. 

On Dec. 4, the app rolled out an update to users’ smartphones with a shady function: the once-benign app was now capable of injecting annoying ads on users’ default mobile browsers, according to antivirus provider Malwarebytes. In response to consumer complaints, the company investigated the problems, and confirmed the presence of malicious code in the app. 

The most alarming discovery is how Lavabird appears to have intentionally added the malicious code into the app itself, according to Malwarebytes.  

“Furthermore, the added code used heavy obfuscation to avoid detection,” it added. “To verify this is from the same app developer, we confirmed it had been signed by the same digital certificate as previous clean versions.”

The malicious code activates within minutes after the update is installed. The smartphone’s browser will then automatically load a pop-up that poses as Google and recommends the user download a “Rocket Cleaner” app from the Play Store to keep their device free of viruses. 

According to victims, the adware was infuriating, and would persist even after a factory reset. “It is frightening that with one update an app can turn malicious while going under the radar of Google Play Protect,” Malwarebytes added. “It is baffling to me that an app developer with a popular app would turn it into malware. Was this the scheme all along, to have an app lie dormant, waiting to strike after it reaches popularity?”

We’ve reached out to Lavabird, and will update the story if we hear back. Fortunately, uninstalling the Barcode Scanner app will remove the adware.

Google didn’t immediately respond to a request for comment. But the company has pulled Lavabird’s Barcode Scanner app from the digital store. It’s also been working to vet apps on Google Play for security threats. But somehow, the malicious update for Barcode Scanner got through.

To stay safe, it’s best to avoid downloading software from little-known developers. You should also remove apps you rarely use.

Source link

MORE Articles

ఏపీలో మరో ఎన్నికల సమరం – ఎన్నికల సంఘం సన్నాహాలు..!!

12 మున్సిపాల్టీల్లో ఎన్నికల కోసం వీటిపై ప్రజలు, రాజకీయ పార్టీల ప్రతినిధుల నుంచి అభ్యంతరాలు స్వీకరించి 23న తుది నోటిఫికేషన్‌ ఇవ్వాలని స్పష్టం చేసింది. అందులో భాగంగా...

How the tech used to make giant, ultrahigh-precision mirrors and lenses for the James Webb Space Telescope was repurposed to develop displays for mobile...

Christopher Mims / Wall Street Journal: How the tech used to make giant, ultrahigh-precision mirrors and lenses for the James Webb Space Telescope...

OzTech: CBA gets machine learning to tackle abusive messaging; Smart city tally ranks 5 Australian cities; Australia and Finland to exchange supercomputer information

Commonwealth Bank gets machine learning to solve abusive messaging issuesEighteen months after finding a large number of abusive messages attached to customers’ transactions...

Dispute resolution platform Immediation raises $3.6M AUD to expand in the U.S. – TechCrunch

The pandemic forced the legal profession to cobble together remote work strategies, often through a combination of video conferencing and emails. Founded in...

Amazon India’s brand team steals designs and artificially boosts its visibility in search results

A hot potato: Companies worldwide spend uncountable hours and dollars to...

Stay Connected