Posted by - February 11, 2021

Almost 10 million devices have been compromised by a popular scanning app.

Lavabird Ltd’s Barcode Scanner was a popular barcode and QR code scanner downloaded to almost 10 million devices from the Google Play Store. Android devices, unlike newer-generation Apple products, do not have a built-in QR code scanner or barcode reader, making an app like Lavabird’s a must-have for many consumers. Unlike some malicious apps, Lavabird’s Barcode Scanner had been on Google’s official app store for years. The app had a clean security certificate, thousands of positive reviews, and no obvious malicious code. This meant that security-conscious consumers, who are aware of potential dangers, downloaded the app believing it was safe. That made it all the worse when what should have been a routine update transformed the app into malware.

Malwarebytes, a cybersecurity company dedicated to identifying and preventing malware infections, began receiving complaints from customers in late December. These customers were seeing ads open on their own in their device’s built-in internet browser. This type of malware, sometimes called “malvertising”, is typically connected with new app installations. However, those consumers had not downloaded any new apps that could have been causing the problem. The company eventually discovered that the malware was coming from Lavabird’s Barcode Scanner, which had been operating on these devices without issues for years.

The good news is that, if your device has been infected, uninstalling the app seems to remove the malware as well. What’s more concerning is the fact that an app was able to build up a large following before discreetly pushing a malicious update. For consumers, this means that doing due diligence on an application prior to downloading it is no longer enough. So how do you keep your devices and your data safe?

The first step is knowing what apps you have downloaded on your phone. Make a point of deleting apps that you no longer use, and monitor your phone for any changes in performance after an app is downloaded or updated.  If you are a decision-maker at a business that issues ‘work phones’ to employees, consider restricting app downloads and updates so that you can monitor the phone’s performance.  If you’re looking for outside assistance in developing a security plan for your company’s mobile devices, you can always reach out to us at info@optfinITy.com.

 
