Google has some policies and checks in place to prevent malware from reaching applications downloaded from the Play Store. However, malicious applications and updates sometimes reach users. Something similar happened recently with an application called Barcode Reader.
According to a recent report by Malware Bytes, the application was loaded with malware via an update. It had over 10,000,000 installations and was being used by users for up to seven years.
Malware Bytes reports that the nefarious update was traced back to December 4, 2020. As soon as the update was implemented, it started serving ads to users through incessant pop-ups. A Malwarebytes forum user watched the ad flow and alerted the cybersecurity company he investigated. As soon as the malware bytes started receiving reports about the malware, he added detection from Google Play and the app was removed immediately.
Malware bytes writes,
In the case of Barcode Scanner, malicious code had been added that was not in previous versions of the app. Furthermore, the added code used heavy obfuscation to avoid detection. To verify this is from the same app developer, we confirmed it had been signed by the same digital certificate as previous clean versions. Because of its malign intent, we jumped past our original detection category of Adware straight to Trojan, with the detection of Android/Trojan.HiddenAds.AdQR.
We still don’t know if the app was hijacked or if it was originally made with malicious intent.