Android app joins the dark side, sends malware update to millions

Bleeping Computer

Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update.

After lying dormant for years, the previously legitimate Barcode Scanner app developed by LAVABIRD LTD self-updated and took over the users’ devices using malicious code now tagged by security vendors as trojan malware.

The malicious behavior experienced by its millions of users included seeing their default browser launching without any user interaction and displaying ads that promoted other, potentially malicious, Android apps.

Many of the patrons had the app installed on their mobile devices for long periods of time (one user had it installed for several years), Malwarebytes malware researcher Nathan Collier said.

Then all of sudden, after an update in December, Barcode Scanner had gone from an innocent scanner to full on malware!

Full article