Hackers and bad actors get increasingly creative when it comes to trying to slip nefarious apps past the defenses of the Google Play Store, something we covered with increasing regularity over the course of 2020 — a year in which we saw one example after another of batches of sketchy Android apps taking advantage of users and quickly getting booted from Google’s app store.
Examples included this batch of 24 Android apps, covering everything from weather to calendar and camera functionality, some of which were malware-laden and requested sketchy permissions. Google kicked them out of the store, but not before they’d racked up some 382 million downloads. Same with this group of Android apps that could have stolen users’ Facebook login data, which racked up about 470,000 downloads. Here we are now, meanwhile, in 2021, and the Android app malware machine is cranking back up into high gear — with one particularly sketchy Android app recently identified and kicked out of the Play Store after racking up some 10 million installs.
Via Malwarebytes, we learned about an app called Barcode Scanner that had been available in the Play Store for years, which is how it accumulated the 10 million installations mentioned above.
This app purported to give the user a barcode generator and QR code reader. All fine so far. Indeed, things apparently stayed that way, seemingly legitimate, for years. But things changed pretty recently. “Late last December,” notes the Malwarebytes report, “we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store.”
Eventually, one forum patron determined that this problem was coming from an app that had been installed a while ago: Barcode Scanner. Malwarebytes says it quickly added the detection, and Google removed the app from the Play Store soon after.
The update that seems to have changed this app (“from an innocent scanner to full on malware!” the report notes) occurred in early December — and, by the way, while Google has removed the app from its own marketplace, you’ll still need to scrub it from your Android device if you have it. Also, this link will show you a video depicting what the app did to infected phones.
According to the researchers, it seems that malicious code that wasn’t in previous versions was inserted into the app. The new code used “heavy obfuscation” to try to avoid detection. “Because of its malign intent, we jumped past our original detection category of Adware straight to Trojan,” the report adds, in a summary that you can check out in full here.