Security News > 2021 > February > Android app joins the dark side, sends malware update to millions
Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update.
After lying dormant for years, the previously legitimate Barcode Scanner app developed by LAVABIRD LTD self-updated and took over the users' devices using malicious code now tagged by security vendors as trojan malware.
The malicious behavior experienced by its millions of users included seeing their default browser launching without any user interaction and displaying ads that promoted other, potentially malicious, Android apps.
"Many of the patrons had the app installed on their mobile devices for long periods of time," Malwarebytes malware researcher Nathan Collier said.
Even though this wouldn't be the first time malicious code has been found in Android apps, such incidents usually involve the use of third-party software development kits used by free app versions to display ads for monetization.
Google removed LAVABIRD's Barcode Scanner app from the Play Store after receiving Malwarebytes' disclosure in December.
News URL
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)