How to Determine Which Barcode Scanner Is Malicious for Android
“When good apps turn bad,” seems to be called the digital game today. The Great Suspender browser extension recently revealed its true colors, and has now been joined in the purgatory of malware by the long-time favorite Android app, Barcode Scanner, despite having been installed over 10 million times.
Our usual tip applies, with one important caveat: if you’ve installed a barcode scanner on your Android device and Google hasn’t uninstalled the app on your behalf yet, now is the time to get rid of it. However, make sure you get rid of what you want. A recent report from Malwarebytes describes Lavabird’s Barcode Scanner app :
“… in the case of the barcode scanner, a malicious code was added that was not present in previous versions of the application. Also, the added code used strong obfuscation to avoid detection. To ensure this is from the same developer of the app, we have verified that it was signed with the same digital certificate as the previous blank versions. Because of his malicious intent, we moved from our original adware detection category straight to Trojans with Android / Trojan.HiddenAds.AdQR detection. “
There is another ZXing Barcode Scanner that is malware-free (at the time of this writing). You are probably thinking of the Barcode Scanner app, as it has been available for Android for almost as long as the operating system has existed. It can be used even if it gets hellish reviews because people think it is a malicious app of the same name. Sigh.
How can you check which is which? If you can’t tell by the app icon, you can always go to Settings> Apps & Notifications> See All … Apps> Barcode Scanner and then tap More> About app “ to go to the list in the Google Play store. (The steps may vary slightly for your specific Android device.) If the list does not exist in the Google Play Store, then you have a bad Barcode Scanner application and you should uninstall it right now.
And if you’re wondering, is there anything you can do about the malware-filled Barcode Scanner app? Not really. If an app has been on the Google Play store for a long time, offers useful services, and has not been a problem for many years, then there is nothing to tell you about the developer’s intention to take full advantage. this good will to vile means.
Of course, you will notice something strange when your device starts up – in this case, the browser launches without any interaction from you – but it will be difficult to determine what is causing this problem. Generally speaking, you’ll want to see which of your apps were recently updated and start digging around, but it’s also possible that an app updated a few months ago is just now running some kind of malware engine or other shadow practice (hoping it’s not caught).
It probably wouldn’t hurt to install an application like Malwarebytes Anti-Malware and run it from time to time; it can at least alert you if apps on your device start to act suspiciously. You don’t even need the premium version of the app: regular free scans (along with the app’s privacy audit feature) will do. You might also want to consider Sophos Intercept X , Avast’s ad – filled antivirus, and a host of others.
While I believe it is a rare situation for an app to get scammed, and probably one that doesn’t guarantee a real-time scanner is running on your device, it never hurts to have multiple such tools just in case your phone starts doing that. something strange. If so, do a scan, check which apps were recently updated, and do your own web search to see if you can pinpoint the problem. Chances are, if your phone is sending out spam, the app is to blame.