Google does a rather good job of policing its Google Play Store to insure that malicious apps don’t make their way to users. Much like life, however, malware finds away past those protections.
Case in point is a rather innocuous app called Barcode Scanner developed by a company called Lavabird which was, up until December, a way to scan QR codes. However, in an update on 4th December, Malwarebytes discovered that the app had been updated to be more nefarious.
Once the update was in place it began serving ads to users by way of incessant pop-ups. A Malwarebytes forum user noted the influx of ads and alerted the cybersecurity firm which investigated.
“In the case of Barcode Scanner, malicious code had been added that was not in previous versions of the app. Furthermore, the added code used heavy obfuscation to avoid detection. To verify this is from the same app developer, we confirmed it had been signed by the same digital certificate as previous clean versions. Because of its malign intent, we jumped past our original detection category of Adware straight to Trojan, with the detection of Android/Trojan.HiddenAds.AdQR,” Malwarebytes wrote in a blog.
Upon discovering the malware the firm alerted Google and the Barcode Scanner app was removed from the Play Store.
Unfortunately, this doesn’t help the 10 000 000+ people that have the app installed and may have simply forgotten about it.
Was Barcode Scanner hijacked by nefarious individuals or was it created with the intent to become malware all along? We simply don’t know but if the latter is true, it’s mightily concerning.
The company behind the app also doesn’t really inspire a sense of trust.
For one, according to the UK Companies House, Lavabird was incorporated in March 2020. Also, despite being registered in the UK, the only director for the firm, Dmytro Kizema, is based in the Ukraine. Sure, folks from the Ukraine can register a business in the UK but when one does it and an app from the company is found to have malware, folks are going to get suspicious.
The Lavabird website is also as generic as they come with only an email address available should you want to contact the firm.
Other apps from the developer include an app that will “instantly speed up your phone”, a web-browser and a keyboard.
We recommend avoiding those applications and looking for alternatives. Except for the “instantly speed up your phone” app, those sorts of apps are often just loaded with adware and will likely slow your handset down more than it will speed things up. If you really want to speed your handset up remove old apps, clean up your photos or backup your device and perform a factory data reset.
Until we know more about Lavabird, perhaps avoid the developer’s apps.
[Image – CC 0 Pixabay]