Android app with over 10 million installs suddenly becomes adware — what to do [updated]
Android app with over x million installs of a sudden becomes adware — what to do [updated]
Updated with boosted information.
If your Android telephone or tablet has of a sudden started showing lots of ads or its browser has been popping open on its own, a rogue app called Barcode Scanner may be to blame.
Malwarebytes detailed in a blog mail last week how its forum users tipped off researchers about Barcode Scanner, an app that had been installed past more than x million people over several years earlier it started doing shady things after an update in early December 2020.
- Millions of Android devices threatened by botnet malware — what to practise
- The best Android antivirus apps
- Plus: Beware links to Discord's website — it could exist malware
Google subsequently yanked the bad Barcode Scanner app from the Google Play Store. Several other apps with that same name — let'south call them the "good" Barcode Scanners — are still at that place. If the bad Barcode Scanner is on your phone or tablet, you'll want to uninstall it. (Yous'll also want to make sure yous've got one of the best Android antivirus apps installed.)
Malwarebytes calls what the bad Barcode Scanner did "malicious." To the states, it sounds like the app became more adware than malware.
From what Malwarebytes describes, the app started forcing users' default Android browsers (this would exist Google Chrome on about devices) to open new pages pointing to online ads, so put them foremost on the device's display without the user'southward request.
That's pretty annoying, but it's a long manner from existence real Android malware that steals sensitive personal information or drafts your device into an Android botnet. The ad-ridden update got past Google Play's screeners by hiding the dodgy parts of its lawmaking.
Malwarebytes said the Barcode Scanner in question was developed by a company calling itself LavaBird Ltd., which makes at to the lowest degree 4 other apps nevertheless in Google Play and whose incomplete street address implies information technology'southward based in a rather expensive role of primal London. Hither's a picture of what the Google Play app entry looked like before the app was kicked out.
Withal, archived versions of the Google Play Store URL provided past Malwarebytes prove a unlike developer, one based in India and named, well, Barcode Scanner.
The erstwhile and new versions of the Barcode Scanner app have consequent version numbers, and both cite identical numbers of installs and Android system requirements.
It looks like the original Barcode Scanner developer may have sold the app to another party, who and so injected may have injected adware.
UPDATE: Our friends over at The Annals remembered that the British authorities makes it piece of cake to look upward the details of any company registered in the UK.
Information technology turns out the London address that LavaBird Ltd. claims is accurate, although information technology's likely just a forwarding service as at that place are dozens of other companies registered at that same accost.
LavaBird appears to accept been registered in London in March 2020 by a 23-year-old Ukrainian human being who lives in Kyiv. The Register as well establish a related website that proclaims, "We sell Android mobile traffic!", which is never a good sign for an app developer.
UPDATE 2: LavaBird got in touch on with Malwarebytes to insist that they were not the ones who had injected malware into Barcode Scanner. Rather, LavaBird said, they were the intermediaries in a transfer of ownership from the app'south original developers to a tertiary party called "The Space Squad."
LavaBird said their name was registered as the programmer for a time, but that actual control of the app code passed straight from the original programmer to The Space Squad.
Malwarebytes did some digging into the Internet Archives and off-road app stores and found that the app'south registered developer on Google Play did in fact modify from LavaBird to The Space Squad in early on Dec. The app was removed from Google Play one-time in January.
"Ultimately, I believe LavaBird'south claims," wrote Malwarebytes' Nathan Collier. "We write this in hopes of clearing LavaBird'south name."
How to tell if you lot've got the bad Barcode Scanner, and how to remove it
The bodily Android app ID is "com.qrcodescanner.barcodescanner", just Google doesn't get in like shooting fish in a barrel to view an installed app'southward ID without bouncing you to the Google Play Store website. The Play Store page for this item app has been taken downwardly.
Probably the easiest way to see whether you have the bad Barcode Scanner installed is to go to Settings > Apps. Look for an app called Barcode Scanner. If it's not at that place, you're good.
If there is a Barcode Scanner app, then you demand to make sure which Barcode Scanner information technology is. Tap the app listing in Settings, and so tap Advanced. Tap App details.
At this signal, you should be taken to the Barcode Scanner's page in the Google Play app. If the folio just keeps loading and nothing comes up, information technology implies there'due south no listing in Google Play. You tin presume yous've got the bad app, and you'll desire to go back a couple of steps to the app listing page in Settings and uninstall the app.
If you do get a Google Play app page, then double-check the app developer's name. It should be right under the app'southward proper name at the pinnacle of the page.
If it the developer proper name says LAVABIRD LTD., then become dorsum to the app listing folio in Settings and uninstall the app. If it says something else, and so it's i of the half-dozen other Barcode Scanner apps and it'due south safe to leave it installed.
- More: Twitter, Instagram and TikTok fissure downwardly on hackers — what you need to know
Source: https://www.tomsguide.com/news/android-rogue-barcode-scanner
Posted by: trapphambethinde.blogspot.com
0 Response to "Android app with over 10 million installs suddenly becomes adware — what to do [updated]"
Post a Comment