A popular barcode scanner app with over 10 million downloads on the Google Play Store has been caught infecting Android devices with malware. The app, simply dubbed Barcode Scanner, has since been removed from the Play Store, but it likely remains installed on many of the infected devices.
As the name implies, the Barcode Scanner app was a simple app that allowed users to scan barcodes and QR codes. But as discovered by security researchers at Malwarebytes, the app received an update in December that added malicious code not present in previous versions of the app. Researchers note that the app used heavy obfuscation to avoid detection, and it worked: the malicious update flew under the radar of Google’s Play Protect service, which exists precisely to detect and take down such malicious apps. Researchers at Malwarebytes were able to confirm that the update was signed with the same digital certificate as previous versions, confirming it came from the same developer, LavaBird LTD.
“In the case of Barcode Scanner, malicious code had been added that was not in previous versions of the app. Furthermore, the added code used heavy obfuscation to avoid detection.”
The app sprang to life within minutes of installation and started bombarding users with adware and automated web redirects to shady websites, all without user interaction. You can see the malicious activity in the video below:
Malwarebytes says Google was notified privately and has taken the app down from the Play Store. So far, Google has not used its Play Protect tool to notify users who still have this malware installed on their phones. That means users must act on their own and remove the app from their devices.
If you have a barcode scanner app installed on your device and have noticed some odd behavior lately, open the app’s settings page and check its package name. If the package name is com.qrcodescanner.barcodescanner, uninstall it immediately.