ZDNet reported that the popular Barcode Scanner app for Android was recently updated with malicious code to display ads on Android devices. This app had over 10 million downloads and had been popular for years. The unexpected ads appeared after a software update on December 4, 2020. Security researchers analyzed the Dec 4th update, and found that malicious code was heavily concealed and pushed to devices. The code was signed with the same security certificate used in past, clean versions of the Android app. These findings were reported to Google by Malwarebytes, resulting in the app’s removal from the Google Play store.
As the malware has now been pulled from the play store by Google, Binary Defense recommends that all users who previously used the app uninstall the app from their Android device. Additionally, Binary Defense recommends deploying some form of security software for Android devices, such as Microsoft Defender for Endpoint for Android.
Read more on ZDNet: https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/