Despite all the assurance of Google Protect and reinforced checks, the Google Play Pass is not immune to unpleasant surprises. According to Malwarebytes, the Barcode Scanner app, which can be found on the Play Store and in particular in the Play Pass offer, supposed to be free from any reproach, has managed to slip malware into smartphones.
Very clever are those who manage to slip through the cracks of cybersecurity nets! Despite all the precautions taken, the Google Play Store is far from a haven for non-attentive users. And even when they have guarantees – hello Google Protect -, mobile applications containing malwares and other viruses are on the lookout to invade smartphones.
Malware installed with the latest update
This is the bad surprise that some owners of Android smartphones have recently had with a mobile application yet stamped Google Play Pass, the new service from Google allowing access to some 500 apps and games without ads and in premium version for a fixed price. monthly. Apps meant to be verified and secure. And yet, the Malwarebytes company, relayed by Android Police, found an app full of malwares.
Barcode Scanner is however a popular app, which displays more than 10 million downloads on the Play Store and which is part of the sacrosanct Play Pass. And yet, several Malwarebytes forum users have reported strange phone behavior since the app’s last update in December. The browser launches on its own and displays sites to install a cleaner application due to a security issue. Obviously totally non-existent problem.
A voluntary action by the developer
With millions of downloads, Barcode scanner is one of the most popular apps on the Play Store and has never experienced any issues so far. The barcode and QR Code scanning tool appears to have belonged in the past to an Indian company of the same name before switching to another company called Lavabird Ltd.
According to Malwarebytes, it is actually a Trojan horse that installed malicious code with the update, causing the browser to open unexpectedly. The problem arose instantly after installing the update or the app if it had been downloaded in early December.
And that doesn’t seem to be due to an advertising SDK going awry without the developer’s knowledge. The company specializing in antivirus explains that the design of the code also included a system so as not to be detected by Google. The app’s digital certificate clearly indicates that the update has been signed by the app developer. ” Malicious intent Volunteer for Malwarebytes who reported the problem to Google.
The QR Code scanner app has since been removed from the Play Store, but its developer’s account remains active and offers other services. Above all, the app cannot be deactivated for smartphones on which it is already installed. Themalwarecontinues to make its way in the device.