New day, new danger, new method of avoiding attention
Just like that Fast Cleaner title we urged you to delete from your Android device last week, "QR Code & Barcode - Scanner" was also freely disseminated to tens of thousands of people through Big G's official digital distribution platform until and even after its true malicious nature came out in a Cleafy report.In addition to the inexplicably long time it took (according to Tom's Guide) for the app to disappear from Google Play, which it ultimately did, it's also extremely unsettling to hear that the user reviews were overwhelmingly positive at the time of said app store removal.
Such a scary picture for so many different reasons...
That either means the bulk of those reviews were fake, or perhaps even more worryingly, that the app's developers actually invested their time and know-how into making it useful and functional while very carefully hiding its real intentions.
Bad reviews and a poor overall user rating are one of the biggest red flags generally associated with trojans and other types of malware, so if this app managed to circumvent that easy filtering method, many of the endangered users may not have been particularly adventurous or careless in the first place.
The long road back to safety
No matter how you were fooled, it's important to look forward now and take all the necessary steps to protect your financial and personal information. Obviously, the first thing you'll want to do is uninstall the generically named app... after making sure not to mistake it for Gamma Play's totally legit and hugely popular QR & Barcode Scanner or Simple Design's extremely well-reviewed "QR Scanner: Barcode Scanner & QR Code Scanner."As you can imagine, that common and very easy-to-mistake title was part of the ploy devised by "QR BarCode Scanner Business LLC", which is unsurprisingly not a real company either.
For what it's worth, the app never crossed the 50,000 install barrier, but the 10,000+ users who did download it may want to get in touch with their bank as soon as possible, check their recent financial statements for fishy transactions, and change their passwords and other login credentials.
Android users in more and more regions are being threatened by this banking trojan.
Dubbed TeaBot, the trojan found hiding inside this app (and a number of others last year) is believed to be targeting banks in the US and Hong Kong in addition to Europe, as well as cryptocurrency wallets and exchange services.While we don't want you to get too scared and end up stashing all your money under your mattress, you might not be completely safe from this threat even if you use two-factor authentication for all your home and mobile banking operations.
That's because TeaBot can gain unauthorized access to your text messages and 2FA codes as well once it breaks into your phone via a fake update to an app like "QR Code & Barcode - Scanner." And that, our friends, is why you should generally stick to the most downloaded Google Play titles across categories like "productivity" or "tools."
View Full BioAdrian, a mobile technology enthusiast since the Nokia 3310 era, has been a dynamic presence in the tech journalism field, contributing to Android Authority, Digital Trends, and Pocketnow before joining PhoneArena in 2018. His expertise spans across various platforms, with a particular fondness for the diversity of the Android ecosystem. Despite the challenges of balancing full-time parenthood with his work, Adrian's passion for tech trends, running, and movies keeps him energized. His commitment to mid-range smartphones has led to an eclectic collection of devices, saved from personal bankruptcy by his preference for 'adequate' over 'overpriced'.
ncG1vNJzZmivp6x7sbTOp5yaqpWjrm%2BvzqZmp52nqHylscueq55lpJ22tHnAp5urp5mZeqK8z2aZnp6fp7JutdNmqq2dkaHAbsXOrqlmpZ%2BjsrqryJ1obHBoaIQ%3D