Friday, July 23, 2021

This malicious Android app hijacked millions of devices after one update

Must Read

CISA issues emergency to Federal Agencies Regarding Microsoft Exchange Flaw

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on...

Hacker is selling passwords of the email accounts of hundreds of C-level executives

Access is offered for $100 to $1500 per account, based on the business size and exec role. A Threat Actor...

What is Pegasus spyware, It’s Working, and its News

Pegasus was developed by the Tel Aviv, Israel-based cyber intelligence and security firm NSO Group. Pegasus spyware is also...

In only one update, the popular barcode scanner app on Google Play has been transformed into malware and has been able to hijack up to 10 million devices.

Barcode Scanner by Lavabird Ltd. was an Android app available in the official repository of the Google app for years. The app, which counts more than 10 million installs, provided the QR code reader and the barcode generator, a useful mobile device resource.

The mobile app has been seen as a legitimate, reliable, multi-user software that has installed the app over the years without any problems – until recently.

According to Malwarebyte, users have recently started complaining about ads that appear unexpectedly on their Android devices. It is often the case that unwanted programs, ads, and malicious releases are linked to the installation of a new app, but in this case, users have reported that they have not installed anything recently.

After the investigation, researchers identified the Barcode Scanner as the major incident.

A software update released approximately December 4, 2020, changed app functions to compress advertising without warning. While many developers are placing ads in their software to offer free versions – and paid apps do not show ads – in recent years, switching apps from one-to-one adware apps overnight has become commonplace.

“Ad SDKs can come from a variety of third-party companies and provide a source of revenue for the app developer. It’s a win-win situation for everyone,” said Malwarebytes. “Users get a free app, while app developers and SDK ad developers get paid. But from time to time, the SDK ad company can change something in its end and ads can start to get aggressive.”

In some cases, ‘aggressive’ advertising methods may be the fault of third-party SDKs – but this is not the case with the Barcode Scanner. Instead, researchers say the malicious code was suppressed in the December review and was too hidden to avoid detection.

The update was re-signed with the same security certificate used in previous, clean versions of the Android app.

Malwarebyte has reported its findings to Google, and the tech giant has now released an app on Google Play. However, this does not mean that the app will disappear on the affected devices, so users need to manually uninstall the bad app.

Converting clean SDKs into bad packages is the only method used to avoid Google Play protection, with time testing, longer display times, loosening of open source libraries used by the app, and powerful uploads identified as invaders to compromise your mobile device.

Another exciting feature, seen by Trend Micro, is the launch of a motion sensor check. By 2019, Android apps have been found to contain Anubis Trojan bank, which will only work if they remove their handset.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This