Android barcode scanner with 10 million+ downloads infects users

by
Dan Goodin
from Ars Technica - All content on (#5DXYV)
android-malware.jpg

Enlarge (credit: portal gda / Flickr)

A benign barcode scanner with more than 10 million downloads from Google Play has been caught receiving an upgrade that turned it to the dark side, prompting the search-and-advertising giant to remove it.

Barcode Scanner, one of dozens of such apps available in the official Google app repository, began its life as a legitimate offering. Then in late December, researchers with security firm Malwarebytes began receiving messages from customers complaining that ads were opening out of nowhere on their default browser.

One update is all it takes

Malwarebytes mobile malware researcher Nathan Collier was at first puzzled. None of the customers had recently installed any apps, and all the apps they had already installed came from Play, a market that despite its long history of admitting malicious apps remains safer than most third-party sites. Eventually, Collier identified the culprit as the Barcode Scanner. The researcher said an update delivered in December included code that was responsible for the bombardment of ads.

Read 8 remaining paragraphs | Comments

index?i=U7dJqz15pDM:sYtlHeno3Ew:V_sGLiPB index?i=U7dJqz15pDM:sYtlHeno3Ew:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments