HomeTech PlusTECH & OTHER NEWSWith one update, this malicious Android app hijacked millions of devices

With one update, this malicious Android app hijacked millions of devices

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. 

Lavabird Ltd.’s Barcode Scanner was an Android app that had been available on Google’s official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator —  a useful utility for mobile devices. 

The mobile application appeared to be legitimate, trustworthy software, with many users having installed the app years ago without any problems — until recently. 

According to Malwarebytes, users recently started to complain of adverts appearing unexpectedly on their Android devices. It is often the case that unwanted programs, ads, and malvertising are connected with new app installations, but in this example, users reported that they had not installed anything recently. 

Upon investigation, the researchers pinpointed Barcode Scanner as the culprit. 

screenshot-2021-02-08-at-10-46-49.png
Malwarebytes

A software update issued on roughly December 4, 2020, changed the functions of the app to push advertising without warning. While many developers implement ads in their software in order to be able to offer free versions — and paid-for apps simply do not display ads — in recent years, the shift of apps from useful resources to adware overnight is becoming more common. 

“Ad SDKs can come from various third-party companies and provide a source of revenue for the app developer. It’s a win-win situation for everyone,” Malwarebytes noted. “Users get a free app, while the app developers and the ad SDK developers get paid. But every once in a while, an ad SDK company can change something on their end and ads can start getting a bit aggressive.”

Sometimes, ‘aggressive’ advertising practices can be the fault of SDK third-parties — but this was not the case when it comes to Barcode Scanner. Instead, the researchers say that malicious code was pushed in the December update and was heavily concealed to avoid detection.

The update was also signed with the same security certificate used in past, clean versions of the Android application. 

Malwarebytes reported its findings to Google and the tech giant has now pulled the app from Google Play. However, this doesn’t mean that the app will vanish from impacted devices, and so users need to manually uninstall the now-malicious app. 

Transforming clean SDKs into malicious packages is only one method employed to avoid Google Play protection, with time checks, long display times, the compromise of open source libraries used by an app, and dynamic loading also cited as potential ways for attackers to compromise your mobile device.

Another interesting method, spotted by Trend Micro, is the implementation of a motion sensor check. In 2019, Android utility apps were found to contain the Anubis banking Trojan which would only deploy once a user moved their handset. 

ZDNet has reached out to the developer and will update if we hear back. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


By ZDNet Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS