Security company Malwarebytes reported that it received emergency calls from Forum customers in late December. The company states that these forum users opened ads from nowhere through their default browser. The strangest thing about the ad serving breakout was that none of them had recently installed apps and all of the installed apps came straight from Google Play.
Google has a notorious history of failing to find all malicious apps on Google Play. Hence, using only the official Google Play Store does not preclude you from getting infected with malicious apps. Malwarebytes says One of his form users, Anon00, discovered that the ads came from a long-installed app called the Barcode Scanner.
The app has been installed over 10 million times from Google Play. Malwarebytes said it quickly added the detection and Google removed the app from the store. Many users have been using the app on their mobile devices for a long time, including one that has had the app installed for years. According to an update released in December, the barcode scanner assumed exactly what it claimed to complete malware.
The update was believed to be released on December 4, 2020. According to Malwarebytes, most of the free apps on Google Play contain in-app advertising with an ad SDK. The security company says every now and then that an ad SDK can change and add something there that makes it aggressive. Malwarebytes understands that in this case, it’s not the app developers who are to blame, but the SDK company, but that wasn’t the case with the barcode scanner.
In this case, malicious code was added that was not in the previous version of the app and heavy obfuscation was used to avoid detection. It has been confirmed to be offered by the same developer as it uses the same digital certificate used in previous clean versions. The barcode scanner has been removed from Google Play, but it could still be on millions of Android devices.