Android app malware

An Android app with over 10 million installations spread malware to its users in a recent update.

Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with Trojan-style malware that bombards them with unwanted advertising. The app has been a popular download among Android users for several years and, before the most recent update, had never engaged in questionable practices.

“It is frightening that with one update an app can turn malicious while going under the radar of Google Play Protect. It is baffling to me that an app developer with a popular app would turn it into malware,” wrote Nathan Collier, a malware researcher with cybersecurity firm Malwarebytes who discovered the malicious update.

The app was removed from the Google Play store but remains installed on Android devices.

Takeaways:

  • Keep an eye out for new and suspicious behavior on your mobile device, especially after installing a new app or updating an existing one.
  • Google and Apple have systems in place to scan apps on their stores for trouble, but they are by no means fail-safe. There is always a level of risk involved with installing any app on your device.
  • In general, it’s worth bearing in mind that apps that let you scan barcodes or QR codes, time workouts, etc. may also allow a bad player to place invasive data tracking on your device as well as annoying advertising. Install apps only after you’ve researched them, and think twice before allowing any app unfettered access to your mobile device.