{"id":173638,"date":"2021-02-08T19:34:23","date_gmt":"2021-02-08T16:34:23","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/check-your-phone-now-review-geek\/"},"modified":"2021-02-08T19:34:23","modified_gmt":"2021-02-08T16:34:23","slug":"check-your-phone-now-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/check-your-phone-now-review-geek\/","title":{"rendered":"#Check Your Phone Now \u2013 Review Geek"},"content":{"rendered":"

“#Check Your Phone Now \u2013 Review Geek”<\/strong><\/p>\n

\n\"\"<\/p>\n

Last week we reported that Google had removed a popular Chrome extension because new owners turned it into a malware app. In a disturbingly common repeat, pretty much the same thing has happened with a popular Android app, which was download<\/a>ed millions of times on the Play Store. Out of nowhere it started serving malicious ads, and now it\u2019s gone.<\/p>\n

Malwarebytes documents<\/a> how its forum users started reported seeing odd pop-up advertisements and website redirects in their mobile browsers a little more than a month ago. After some snooping by the service\u2019s staff, it was determined that a December 4th update to \u201cBarcode Scanner\u201d by Lavabird LTD had started shoving ads for unnecessary (and possibly fraudulent) security servers to its millions of users.<\/p>\n

Malwarebytes alerted Google and the listing for the app has been removed from the Play Store, but reportedly, it has not been remotely uninstalled from affected users\u2019 phones (as was the case with the Chrome extension). Presumably, the app slipped by the Play Store\u2019s normally robust suite of protections, Google Play Protect, by installing the malicious code as an innocuous update instead of starting as a phony app: it had been used harmlessly for years before the update.<\/p>\n

\"\"
If your barcode scanner app looks like this, uninstall it right now. Barcode Scanner<\/span><\/figcaption><\/figure>\n

It isn\u2019t clear what prompted the change. In the case of The Great Suspender extension, it was obviously new owners of the service that steered it down a bad road. For Barcode Scanner, there was no obvious change in ownership or developer behavior that turned the app malicious. If you\u2019re wondering which specific canner app it is, it was formerly at\u00a0https:\/\/play.google.com\/store\/apps\/details?id=com.qrcodescanner.barcodescanner.\u00a0<\/em>Oddly, the developer of that app is still active on the Play Store, with a similar app (not updated since August) still live<\/a>. It\u2019s listed with an identical icon, and the (possibly deliberate?) misspelling of \u201cbarcod scanner.\u201d Its developer info lists Maharashtra, India as the location, with a generic Gmail address and a blank web page. Previous versions of the app, apparently under the same developer account, showed an innocuous WordPress page<\/a>\u00a0as its website.<\/p>\n

Out of curiosity, I installed the alternate version of the app. It lists a privacy policy on that WordPress page that has a fairly rote disclaimer about serving up ads within the app itself, a standard and acceptable practice. I didn\u2019t immedia<\/a>tely see the browser hijacking behavior described in Malwarebytes\u2019 blog post. Whatever went wrong with the other app, it doesn\u2019t seem to be happening to the duplicate, though it isn\u2019t clear why Google didn\u2019t simply nuke all of the developer\u2019s listings.<\/p>\n

Google\u2019s efforts to keep Android and Chrome \u201cclean\u201d have been generally sterling thus far<\/a>, despite their inherent vulnerability as open platforms. But scurrilous actors can be ingenious in their efforts to circumvent security, and it seems like updates to long-trusted applications has become something of a blind spot. Google needs to do better to protect its users across all platforms.<\/p>\n

Source: Malwarebytes<\/a><\/small>\n<\/div>\n