A popular application has been removed from Google Play after it was discovered that it had sent trojan malware to millions of users phones through an update.
Until recently, the barcode scanner was a simple application that provided users with a basic QR code reader and a barcode generator, useful for things I like make purchases and amortize discounts. The app, which has been in existence since at least 2017, is owned by developer Lavabird Ldt. And claims to have more than 10 million downloads, the Wayback Machine is shown.
However, a number of malicious activities were recently traced back to the application. Users began to notice something strange happening with their phones: default browsers continued to hijack and redirect to random ads, seemingly out of nowhere. For several people, it was unclear what caused the interruptions, as many had not downloaded any applications recently. After enough victims had them write about their experiences in a web forum, one user finally pointed the barcode with their finger.
Investigators with Malwarebytes have verified that the scanner is the culprit, releasing one new report this is shown sent malware that generates ads on users’ phones, probably via a December update. The update ruined the previously benign app, which went from an “innocent scanner to a malicious program,” the researchers write.
G / O Media may receive a commission
Researchers distinguish malicious software that generates barcode ads from basic ad SDK: programs used by publishers to launch advertising on the app for revenue purposes, stating that “it wasn’t like that” with the barcode scanner. Whoever injected the malicious code used intense obfuscation to hide the fact that it was there, say the researchers, who added that the application appears to have been intentionally transformed from a normal application into a malicious application by updating. . They write:
It’s scary that with an update an application can become malicious while under the radar of Google Play Protect. It baffles me that an app developer with a popular app turns it into malware. Was this the scheme all along, that an app would stay inactive, waiting for the strike after it reached popularity? I guess we’ll never know.
While Google has extracted the barcode scanner from its app store, has not passed the affected devices. Users of the app will need to manually uninstall it from their phones.
The owner of the barcode scanner, Lavabird Ltd., was incorporated in 2020 and is registered at an address in London, according to available online records. The director of the company, Dmytro Kizema, resides in Ukraine.
Gizmodo has contacted Lavabird and will be updated if we find out again.