The Android app named “Barcode Scanner” on Google Play Store has infected 10 million users, an update to the app was the culprit

The security company; Malwarebytes has recently reported that it started getting distress calls from forum patrons in the late last December. The company has said that these forum users had a single issue in common that was: experiencing the opening of ads out of nowhere. The users also complained that any of the apps were not installed recently and came directly from Google Play.

Google has always had a bad history about how it tackles the malicious apps on its Play Store. Recently, the app named “Barcode Scanner” was found to be malicious through its new update and was also successful in infecting a huge number of 10 Million users. The security company Malwarebytes announced that “Anon00” is one of its forum users that detected that an app was installed a long time ago, with the name of “Barcode Scanner” through which the ads were coming.

The company was efficient enough to observe that Google immediately removed the app from the store. An update to the app rolled out in December, after which the app proved to be nothing more than malware to 10 Million users. According to the reports, the update was officially available to all the users on the 4th of December 2020.

The security company says that the majority of free apps on Google Play include some type of in-app advertising that uses an SDK. The company is sure that there are high chances of the SDK to start processing aggressively. However, something happened very unusually this time: the company made it clear that when the SDK starts functioning problematically the SDK company is the real culprit other than the app developers, but surprisingly, the Barcode scanner wasn’t observed to face such a situation.

Malwarebytes was successful in detecting that the code came with the latest update, as the previous versions of the app were free of any malware, and with the help of heavy perplexion, it was made difficult to detect this problem. To verify that this was coming from the same app developer, Malwarebyte confirmed that it was the digitally signed certificate that was common among the previous and the new update.

Google has already omitted the app from its store, but that doesn’t mean that your already installed will also be automatically uninstalled without the interference of Google Play Protect. Hence it is highly advised to uninstall the app, as the app will continue to show ads, until and unless; Google comes up with a malware scanner like Malwarebytes for Android.


Read next: An extension was discovered that misused the Chrome Sync feature in order to gain access over the user’s information
Previous Post Next Post