"With One Update, This Malicious Android App Hijacked Millions of Devices"
Researchers at Malwarebytes have discovered that a popular barcode scanner app on Google Play was transformed into malware by adversaries. Lavabird Ltd.'s Barcode Scanner was an Android app available on Google's official app repository for years. The app accounted for over 10 million installs, offered a QR code reader and a barcode generator. The mobile application appeared to be legitimate, trustworthy software, with many users having installed the app years ago without any problems, until recently. Many users of the application have recently started to complain of adverts appearing unexpectedly on their Android devices. A software update issued on roughly December 4, 2020, changed the app's functions to push advertising without warning and was heavily concealed to avoid detection. Malwarebytes reported its findings to Google, and they have now pulled the app from Google Play. Users of the application need to uninstall the now-malicious app from their mobile devices manually.
ZDNet reports: "With One Update, This Malicious Android App Hijacked Millions of Devices"