A Google Play barcode scanner app with more than 10 million downloads has turned out to be adware. Barcode Scanner, a popular third-party Android utility, received an update containing a trojan that opened a website full of malicious pop-ups in the device's browser.
The report comes from anti-malware software company Malwarebytes and was originally posted on 5 February by intelligence analyst Nathan Collier. The Barcode Scanner app, which enabled users to scan QR codes and barcodes, has since been removed from the Play Store.
The app started as legitimate, with many users even having had it installed on their mobile devices for several years. However, in late December, security firm Malwarebytes began receiving complaints from customers that ads were randomly opening on their default browser.
“Although Google has already pulled this app, we predict from a cached Google Play webpage that the update occurred on December 4th, 2020,” wrote Nathan Collier in his blog post. “It is frightening that with one update an app can turn malicious while going under the radar of Google Play Protect.”
Google Play Protect is Google’s comprehensive security suite, designed to ensure protection for every Android device and notify users of suspicious or unknown apps.
Barcode Scanner was also reportedly part of Google Play Pass, an app subscription service by Google for Android devices with over 350 premium games and apps for the price of $4.99/month. This could mean that millions more smartphones have been subjected to malware from this app.
“It is baffling to me that an app developer with a popular app would turn it into malware,” Collier added. “Was this the scheme all along, to have an app lie dormant, waiting to strike after it reaches popularity?”
Collier privately notified Google of the Android/Trojan.HiddenAds.AdQR trojan and the app was removed from the store. But while Barcode Scanner is no longer available in the Play Store, it remains on the devices that already had it installed, and so far Google has yet to use Google Play Protect to remove it from those devices. Users are advised to remove the app from their devices themselves posthaste.