Barcode scan app amassed millions of downloads before weird update starting popping open webpages...

2021-02-08 21:14

Barcode Scanner, a popular Android app, slipped undesirable code into an update in early December, an update that had the potential to reach more than 10m devices though actual distribution is believed to be far less.

Several weeks later, Google removed the app from Google Play.

LavaBird's now-banished Android app shouldn't be confused with ZXing Team's Barcode Scanner that remains in the Play Store.

AdQR. The Register asked Google to confirm when it removed Barcode Scanner and whether it has taken, or plans to take, any action to remove subverted versions of Barcode Scanner on Android users' devices.

Google's app defense mechanism, Google Play Protect, has the ability to issue notifications about apps, to disable them, and to remove them automatically.

In June last year, security biz TrendMicro reported finding two adware-laden barcode reading apps in Google Play, with 2m downloads between them.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/08/barcode_scan_app_malwarebytes_update/