“When good apps go bad” seems to be the name of the digital game these days. The big suspender browser extension has recently shown its true colors, and now joining the malware frenzy is the old Android favorite “Barcode Scanner” app – despite more than 10 million installs.
Our usual advice applies, with one important caveat: if you have Barcode Scanner installed on your Android device and Google hasn’t yet removed the app on your behalf, now is a good time to get rid of it. However, make sure to remove the correct one. Malwarebytes’ recent report describes the Barcode Scanner app from Lavabird:
“… in the case of Barcode Scanner, malicious code was added that was not in previous versions of the app. In addition, the added code used heavy obscuration to avoid detection. To verify that this is from the same app developer, we have confirmed that it is signed with the same digital certificate as previous clean versions. Due to its malicious intent, we jumped right beyond our original Adware detection category to Trojan, with Android / Trojan.HiddenAds.AdQR detection. “
There is another Barcode Scanner app, from ZXing, which does not come with malware (at the time of writing). It’s probably the Barcode Scanner app on your mind, as it has been available for Android for practically as long as the operating system has been around. It is fine to use, even if it is review-bombed to hell because people assume it’s the malware app of the same name. Sigh.
How can you check which one is which? If you can’t tell from the app icon, you can always pull up Settings> Apps & notifications> View all … apps> Barcode scannerthen tap Advanced> App Details, which should take you to the listing in the Google Play Store. (The steps for your specific Android device may be slightly different). If the Google Play Store listing doesn’t exist then you have the bad Barcode Scanner app and you should delete it now.
G / O Media can receive a commission
And if you are wondering if you could have done something about the malware-filled Barcode Scanner app? Not really. If an app has built an established reputation on the Google Play Store, provides a useful service, and hasn’t been a problem for many years, there’s nothing to tip you off about the developers intention to take advantage of all that goodwill for nefarious means.
Of course you will find that there is something strange when your device starts to respond – in this case, a browser is launched without any intervention on your part – but it will be difficult to figure out what is causing that problem. You generally want to see which of your apps have been updated recently and start digging, but it’s also possible that an app that was updated months ago just triggered some kind of malware mechanism or some other shady practice (hoping it won’t get caught will be).
It probably wouldn’t hurt to install an app like Malwarebytes Anti-Malware and carry it out from time to time; this can at least alert you if apps on your device act suspiciously recently. You disagree need the premium version of the app: Regular free scans should be okay (along with the app’s privacy control feature). You can get aalso think Sophos intercept X, filled the advertisement Avast Antivirus, and a host of others.
While I feel like it is rare situation to have an app goes rogue like this, and probably one that doesn’t warrant a real-time scanner on your device, it never hurts to have a few tools hanging around in case your phone starts doing something strange. If so, do some scanning, check which apps have been updated recently and run some internet searches to see if you can identify it the problem. Chances are, if your phone is spamming, an app is to blame.