- More malware for Android apps has been found and removed from the Google Play Store, this time in the form of an app called Barcode Scanner.
- Researchers found that the app once appeared legitimate, accumulating about 10 million installs before adding the sketchy code, turning it into malware.
- Google has removed the app from the Play Store, but users will still have to delete the app from their own Android device if they have it.
Hackers and bad actors are getting more and more creative when it comes to trying to get nefarious apps to slip past the defenses of the Google Play Store, something we’ve covered with increasing regularity over the course of 2020 – a year in which we continued to follow the other example of batches of sketchy Android apps that take advantage of users and launch quickly from Google’s app store.
Examples of this included this batch of 24 Android apps, covering everything from the weather to the calendar and camera functions, some of which were malware-laden and demanding vague permissions. Google kicked them out of the store, but not before they collected some 382 million downloads. The same is true of this group of Android apps that could have stolen users’ Facebook credentials, yielding about 470,000 downloads. Here we are now, in the meantime, in 2021, and the Android app malware engine is back in gear – with a particularly sketchy Android app recently identified and kicked off the Play Store after roughly 10 million installs.
Today’s best deal 
Honeywell’s fabric face masks are in stock on Amazon for the lowest price ever! List price:$ 29.99 Price:$ 22.24 You save:$ 7.75 (26%) 
BGR is available from Amazon and can receive a commission Available at Amazon BGR can receive a commission
Through Malwarebyteswe learned about an app called Barcode Scanner that had been available in the Play Store for years. That led to an accumulation of the 10 million installations we mentioned.
This app intended to provide the user with a barcode generator and a QR code reader. All fine so far. Indeed, things apparently stayed that way for years, seemingly legitimate. But things have changed quite recently. “Late December,” notes the Malwarebytes report, “we started getting an emergency call from our forum users. Customers were shown ads that were opened from scratch through their default browser. The strange thing is that none of them had installed apps recently and the apps they installed were from the Google Play Store. “
Finally, a forum user determined that this problem came from an app that was installed a while ago: Barcode Scanner. Malwarebytes says it quickly added the detection and Google removed the app from the Play Store shortly after.
The update that appears to have changed this app (“from a harmless scanner to full of malware!”, The report notes) happened in early December – and by the way, while Google has removed the app from its own marketplace, you’ll still have to. always scrubbing off your Android device if you have it. This link will also show you a video showing what the app has done with infected phones.
It appears that malicious code has been inserted into the app that was not in previous versions of the app, the researchers said. And the new bit of code used “heavy eclipse” to keep it from being detected. “Due to its malicious intent, we jumped past our original adware detection category straight to Trojan,” adds the report, in a summary that you can view in full here.
Today’s best deal 
Amazon shoppers are obsessed with these best-selling Powecom KN95 masks Price:$ 25.99 BGR is available from Amazon and can receive a commission Available at Amazon BGR can receive a commission
Andy is a Memphis reporter who also contributes to outlets like Fast Company and The Guardian. When not writing about technology, he can be found protective of his burgeoning vinyl collection, as well as his Whovianism and binges on a variety of TV shows you probably don’t like.