An Android app named Barcode Scanner in the Google Play Store turned malicious after an update and has been aggressively showing ads through users’ default browser. The app had more than 10 million installs from the Play Store alone and remains active on many devices even though Google removed it after it was reported.
Android App Turning Malicious After an Update
After several Malwarebytes forum patrons reported the problem, the Malwarebytes team looked into an Android app named Barcode Scanner from the Google Play Store. The app has the simple purpose of scanning barcodes and QR codes and behaved well for most of its life, but it has turned malicious lately.
Many users complained that they were being shown ads out of nowhere, even though they hadn’t installed any suspicious apps from unknown sources, only some recent ones from the Google Play Store. One user spotted that Barcode Scanner was the cause, and a deeper analysis of the app confirmed the accusation.
Researchers stated that Barcode Scanner is pushing malicious ads through users’ default browser, and that this behavior started after the app received an update on December 4th last year. It opens the ad page and a popup window asking users to update their browser or install an app, with a redirect to the Play Store.
Researchers confirmed that this malicious behavior comes not from the app’s SDK partner but from the developer itself. They found Android/Trojan.HiddenAds.AdQR in the app’s updated code, which is signed with the same digital signature as the earlier clean versions. The code is also highly obfuscated to avoid detection, and it succeeded in slipping under Google’s radar.
Though the app has now been removed from the Play Store after being reported, it may still be present on the devices of users who installed it earlier. Users who have it are therefore advised to uninstall it right away to avoid getting spam ads everywhere.