Quote: A barcode scanner app, with over 10 million downloads, was booted from the Google Play marketplace after users began to complain of mobile-ad overload. The makers of the app, called Barcode Scanner, intentionally altered the code of the app via an update, turning it from a benign app to adware, according to researchers.
The rogue update to the app occurred in early December, according to researchers. That’s when the app, published by Lavabird, began to violate Google Play’s terms of service by surreptitiously delivering ads without consent.
Tipped by a user, researchers at Malwarebytes explained, the publisher added new heavily obfuscated code to the app that directed the default mobile web browser to launch and serve up ads – whether the barcode app was active or not. According to a report published Tuesday, the user who reported the issue installed the Barcode App years prior.
“Then all of a sudden, after an update in December, Barcode Scanner had gone from an innocent scanner to full-on malware!” the report, written by Nathan Collier, a senior malware intelligence analyst with Malwarebytes, said. “Although Google has already pulled this app, we predict from a cached Google Play webpage that the update occurred on Dec. 4, 2020.”
The most likely explanation for the errant ads would be faulty SDK code, which is commonly used in free, third-party apps to generate revenue. The report makes clear that the SDK code wasn’t the culprit in this instance.
Read more: https://threatpost.com/google-boots-barc...on/163803/