Security News > 2021 > February > Android app joins the dark side, sends malware update to millions
Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update.
After lying dormant for years, the previously legitimate Barcode Scanner app developed by LAVABIRD LTD self-updated and took over the users' devices using malicious code now tagged by security vendors as trojan malware.
The malicious behavior experienced by its millions of users included seeing their default browser launching without any user interaction and displaying ads that promoted other, potentially malicious, Android apps.
"Many of the patrons had the app installed on their mobile devices for long periods of time," Malwarebytes malware researcher Nathan Collier said.
Even though this wouldn't be the first time malicious code has been found in Android apps, such incidents usually involve the use of third-party software development kits used by free app versions to display ads for monetization.
Google removed LAVABIRD's Barcode Scanner app from the Play Store after receiving Malwarebytes' disclosure in December.
News URL
Related news
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)
- New Vo1d malware infects 1.3 million Android TV streaming boxes (source)
- New Vo1d malware infects 1.3 million Android streaming boxes (source)