In the past few years, there has been a steady increase in people embracing digital services, and the sudden Covid-19 outbreak in early 2020 further accelerated the online adoption rate.
However, this also attracts bad actors who prey on naive users, stealing sensitive and financial data to make a quick buck. Big technology companies such as Apple and Google have a responsibility to scale up security to keep malware-laden apps from entering their mobile OS ecosystems, iOS and Android, respectively.
Recently, Google took down the widely used browser extension ‘The Great Suspender’ from the Chrome Web Store for housing hidden malicious code. Now, the search engine giant has removed another popular application, Barcode Scanner, this time from the Play Store.
Nathan Collier, a cyber researcher at Malwarebytes, revealed that Barcode Scanner (developed by LavaBird Ltd) stored malicious ad SDKs (Software Development Kits): “Android/Trojan.HiddenAds.AdQR”.
Using pop-up ads, the app illegally diverted users to third-party sites in the phone’s default browser to gain revenue from ad clicks.
“The code used heavy obfuscation to avoid detection. To verify this is from the same app developer, we confirmed it had been signed by the same digital certificate as previous clean versions,” Collier added.
So far, Barcode Scanner is said to be installed on 10 million Android phones around the world. Though it is no longer available on the Play Store, users who still have the app on their phones are advised to uninstall it immediately.