قالب وردپرس درنا توس
Home / Tips and Tricks / Check Your Phone Now – Review Geek

Check Your Phone Now – Review Geek



Last week, we reported that Google had removed a popular Chrome extension because new owners turned it into a malware app. In a disturbingly common rerun, much the same thing has happened to a popular Android app, downloaded millions of times from the Play Store. Out of nowhere, it started displaying malicious ads, and now it̵

7;s gone.

Malwarebytes documents how its forum users started reporting strange pop-up ads and website redirects on their mobile browsers just over a month ago. After some browsing by the service’s staff, it was determined that a December 4 update of “Barcode Scanner” by Lavabird LTD had started shifting ads for unnecessary (and potentially fraudulent) security servers to its millions of users.

Malwarebytes has warned Google and the listing for the app has been removed from the Play Store, but it has reportedly not been removed remotely from the affected users’ phones (as was the case with the Chrome extension). Presumably, the app has bypassed the Play Store’s normally robust set of protections, Google Play Protect, by installing the malicious code as a harmless update rather than starting out as a bogus app: it was used harmlessly for years before the update.

If your barcode scanner app looks like this, delete it now. Barcode scanner

It is not clear what prompted the change. In the case of The Great Suspender extension, it was clearly the new owners of the service who steered it in a bad way. Before Barcode Scanner, there was no apparent change in ownership or developer behavior that made the app malicious. If you’re wondering what specific canner app it is, it used to run out https://play.google.com/store/apps/details?id=com.qrcodescanner.barcode scanner. Oddly, the developer of that app is still active on the Play Store, with a similar app (not updated since August) still live. It is listed with an identical icon and the (possibly deliberate?) ‘Barcode scanner’ spelling error. The developer information lists Maharashtra, India as the location, with a generic Gmail address and a blank web page. Earlier versions of the app, apparently under the same developer account, showed a harmless WordPress page as a website.

Out of curiosity, I installed the alternative version of the app. It has a privacy policy on that WordPress page with a pretty general disclaimer about showing ads in the app itself, a standard and acceptable practice. I didn’t immediately see the browser hooding behavior described in Malwarebytes’ blog post. Whatever went wrong with the other app, it doesn’t seem to be happening with the duplicate, although it’s not clear why Google didn’t simply destroy all of the developer’s listings.

Google’s efforts to keep Android and Chrome “clean” have been generally excellent so far, despite their inherent vulnerability as open platforms. But vicious actors can be resourceful in their attempts to bypass security, and it seems that updates to long-trusted applications have become something of a blind spot. Google needs to better protect its users on all platforms.

Source: Malwarebytes




Source link