Malware Hidden in QR-Reader Apps Infects Android Devices

Malware hiding within apps is nothing new to the industry, but the latest occurrence has a focus on QR-Code readers – and worst of all, the malware itself is smart. This begs the question, how do you prevent your phone from being a casualty?

One way to ward off malicious apps is to download a third-party security app such as dfndr security, which includes a full-virus scan feature. A scan of your Android device will do a deep dive into your files and even your SD card. Worried that you might forget to scan your phone regularly? Not a problem, just use scheduled scans which can run while you’re asleep.

Read More: Is it Safe to Download Apps Outside of Google Play?

In this latest case of infected apps, a piece of malware known as ‘Andr/HiddnAd-AJ’ (try to say that ten times fast) was able to load itself onto a number of apps designed to read QR-Codes. Apps infested with the malware included: QR Code / Barcode Reader, QR Code Free Scanner, and QR & Barcode Scanner. There were a total of seven apps infected, and the malicious apps were downloaded over 500,000 times before being pulled by the Google Play Store.

We know how hard it can be to avoid malware in a world filled with it, but here are a few tips to get you started on a safer journey through the endless world of Android apps.

Download Only Official Sources
We’re aware that this point may appear moot as we noted that the infected apps came from the official Google Play Store, but even though an official source may not be 100% clean, it’s still much safer than downloading an app elsewhere. Despite missing the occasional piece of malware, Google has quite a positive record of keeping their ecosystem clean from the mess.

Avoid Apps From the Web
As you can infer from our last comment, you’re best to avoid downloading apps directly from the Internet or something you found on social media. These apps are more likely to be infected with dangerous malware and are typically prefaced with a request to turn off a security feature to allow app installations from ‘unofficial sources.’ Take this as an immediate red flag and don’t download.

Watch Those Permissions
Once you’ve downloaded an app from an official source such as Google Play or Amazon App Store, try to remain aware. Legitimate apps ask for permissions to access certain parts of your system. In some circumstances, this is normal but use your best judgment. A new email app would request access to your contacts, but why would a QR-Code reader need the same?