Yes, adventurous boys and girls, we’re afraid it’s that time of the yearmonth week (?!) again. Unfortunately, it has become all too common in recent months years for security researchers to discover seemingly harmless, often useful-looking, and sometimes very popular Android apps spreading dangerous malware behind the scenes, with the latest such revelation arriving roughly 10 days after the previous one.
That’s a pretty bad look for Google, which is clearly not doing enough to keep its own Play Store clean of the worst imaginable threats to the privacy and finances of millions of users around the world.
New day, new danger, new method of avoiding attention
Just like that Fast Cleaner title we urged you to delete from your Android device last week, “QR Code & Barcode – Scanner” was also freely disseminated to tens of thousands of people through Big G’s official digital distribution platform until and even after its true malicious nature came out in a Cleafy report.
In addition to the inexplicably long time it took (according to Tom’s Guide) for the app to disappear from Google Play, which it ultimately did, it’s also extremely unsettling to hear that the user reviews were overwhelmingly positive at the time of said app store removal.
Such a scary picture for so many different reasons…
That either means the bulk of those reviews were fake, or perhaps even more worryingly, that the app’s developers actually invested their time and know-how into making it useful and functional while very carefully hiding its real intentions.
Bad reviews and a poor overall user rating are one of the biggest red flags generally associated with trojans and other types of malware, so if this app managed to circumvent that easy filtering method, many of the endangered users may not have been particularly adventurous or careless in the first place.
The long road back to safety
No matter how you were fooled, it’s important to look forward now and take all the necessary steps to protect your financial and personal information. Obviously, the first thing you’ll want to do is uninstall the generically named app… after making sure not to mistake it for Gamma Play’s totally legit and hugely popular QR & Barcode Scanner or Simple Design’s extremely well-reviewed “QR Scanner: Barcode Scanner & QR Code Scanner.”
As you can imagine, that common and very easy-to-mistake title was part of the ploy devised by “QR BarCode Scanner Business LLC”, which is unsurprisingly not a real company either.
For what it’s worth, the app never crossed the 50,000 install barrier, but the 10,000+ users who did download it may want to get in touch with their bank as soon as possible, check their recent financial statements for fishy transactions, and change their passwords and other login credentials.
Android users in more and more regions are being threatened by this banking trojan.
Dubbed TeaBot, the trojan found hiding inside this app (and a number of others last year) is believed to be targeting banks in the US and Hong Kong in addition to Europe, as well as cryptocurrency wallets and exchange services.
While we don’t want you to get too scared and end up stashing all your money under your mattress, you might not be completely safe from this threat even if you use two-factor authentication for all your home and mobile banking operations.
That’s because TeaBot can gain unauthorized access to your text messages and 2FA codes as well once it breaks into your phone via a fake update to an app like “QR Code & Barcode – Scanner.” And that, our friends, is why you should generally stick to the most downloaded Google Play titles across categories like “productivity” or “tools.”