Click to Skip Ad
Closing in...
  1. MyQ Smart Garage Door Opener
    08:37 Deals

    Oops! Prime Day’s best-selling smart home gadget is still down to $17

  2. Prime Day 2021 Deals
    10:22 Deals

    Amazon just revealed its official list of Prime Day 2021 best-sellers

  3. Best Amazon Deals Today
    08:02 Deals

    Prime Day is over, but these 10 exclusive deals are for Prime members only

  4. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  5. Wireless Borescope Camera
    13:49 Deals

    Crazy wireless camera that lets your phone see anywhere is still down to $29 at Amazon

Delete this malicious Android app from your phone right now

February 10th, 2021 at 6:18 PM
Android app malware
  • More Android app malware has been found and removed from the Google Play Store, this time in the form of an app called Barcode Scanner.
  • Researchers found that the app seemed to be legitimate at one time and had accumulated some 10 million installations before the sketchy code was added, turning it into malware.
  • Google has removed the app from the Play Store, but users will still need to remove the app from their own Android device if they have it.

Hackers and bad actors get increasingly creative when it comes to trying to slip nefarious apps past the defenses of the Google Play Store, something we covered with increasingly regularity over the course of 2020 — a year in which we saw one example after another of batches of sketchy Android apps taking advantage of users and quickly getting booted from Google’s app store.

Examples included this batch of 24 Android apps, covering everything from weather to calendar and camera functionality, some of which were malware-laden and requested sketchy permissions. Google kicked them out of the store, but not before they’d racked up some 382 million downloads. Same with this group of Android apps that could have stolen users’ Facebook login data, which racked up about 470,000 downloads. Here we are now, meanwhile, in 2021, and the Android app malware machine is cranking back up into high gear — with one particularly sketchy Android app recently identified and kicked out of the Play Store after racking up some 10 million installs.

Today's Top Deal How is this Windows 10 laptop & 128GB microSD bundle only $219.99?! List Price:$249.99 Price:$219.99 You Save:$30.00 (12%) Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Via Malwarebytes, we learned about an app called Barcode Scanner that had actually been available in the Play Store for years. That led to accumulating the 10 million installations that we mentioned.

This app purported to give the user a barcode generator and QR code reader. All fine so far. Indeed, things apparently stayed that way, seemingly legitimate, for years. But things changed pretty recently. “Late last December,” notes the Malwarebytes report, “we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store.”

Eventually, one forum patron determined that this problem was coming from an app that had been installed a while ago: Barcode Scanner. Malwarebytes says it quickly added the detection, and Google removed the app from the Play Store soon after.

The update that seems to have changed this app (“from an innocent scanner to full on malware!” the report notes) occurred in early December — and, by the way, while Google has removed the app from its own marketplace, you’ll still need to scrub it from your Android device if you have it. Also, this link will show you a video depicting what the app did to infected phones.

It seems that malicious code was inserted into the app that wasn’t in previous versions of the app, according to the researchers. And the new bit of code used “heavy obfuscation” to try and keep from being detected. “Because of its malign intent, we jumped past our original detection category of Adware straight to Trojan,” the report adds, in a summary that you can check out in full here.

Today's Top Deal Amazon forgot to end this #1 best-selling Prime Day deal — now just $17! List Price:$29.98 Price:$16.98 You Save:$13.00 (43%) Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.

Popular News