These 7 apps were pulled out of Google Play, thanks to malware

You'd better make sure that the barcode- and QR code-scanning app you're using on your smartphone is safe.

Dubai - They lie low, but then they blast you with malicious ads after you're given a false sense of security



By Alvin R. Cabral

Published: Thu 29 Mar 2018, 5:19 PM

Last updated: Thu 29 Mar 2018, 7:22 PM

Are you one of those fond of finding out the details of products using barcode- and QR code-scanning apps?
If so, you might have just been infected with malware.
Tech website Gadgets Now reported on Thursday that 7 apps have been pulled from Google's Play Store, after SophosLabs discovered that they were apparently infected with malware known as Andr/HiddnAd-AJ.
SophosLabs, in its Naked Security blog, described the rogue apps as "blasting you with ads, but only after lying low for a while to lull you into a false sense of security".
"We reported the offending apps to Google, and they've now been pulled from the Play Store, but not before some of them attracted more than 500,000 downloads," it added.
Among the apps knocked off were QR Code Free Scan, QR Code Scanner Pro, QR Code Scan Best, QR Code/Barcode Free Scan, QR & Barcode Scanner and Smart QR Scanner, in addition to Smart Compass. The first app, Gadgets Now says, could have been downloaded up to one million times. The apps were able to bypass security checks, thanks to the way they were coded.
Apparently, none of these apps are available on Apple's App Store.
Paul Ducklin, the author of the article in the Naked Security blog, detailed the modus operandi of these apps.
The apps were masquerading as garden-variety QR code readers. "In other words, if you were just trying out apps for fun, or for a one-off purpose, you'd be inclined to judge them by their own descriptions." The perpetrators behind these apps didn't fire up the adware part of their apps immediately; instead, it stayed there "innocently for a few hours before unleashing a barrage of ads".
"The adware part of each app was embedded in what looks at first sight like a standard Android programming library that was itself embedded in the app," he wrote.
"By adding an innocent-looking 'graphics' subcomponent to a collection of programming routines that you'd expect to find in a regular Android program, the adware engine inside the app is effectively hiding in plain sight."
The malware in these apps not only bombards you with advertising Web pages, but it can also send Android notifications, including clickable links, to lure you into generating ad revenue for the criminals.
Now if you do have any of these apps installed on your device, it is obviously advisable to remove them immediately. Additionally, there are mobile apps that help protect your devices against malware and other attacks.
And one more word of advice: all the apps involved in this fiasco are free, and cyber-criminals always use this 'free' feature in order to lure unsuspecting victims. Do your homework before accepting apps into your digital fold.
- alvin@khaleejtimes.com

