CamScanner has been downloaded more than 100 million times from the Play Store. The application is among the best-known utilities for scanning documents with smartphone or tablet cameras. Today researchers from Kaspersky Lab say they have identified malware inside it.
CamScanner for Android contains malware
The malicious code is able to show advertisements in an unauthorized way or to download other applications without first obtaining explicit permission from the user. The analysis was conducted after the researchers noticed several negative reviews, written by people who had downloaded the free edition, that reported anomalous behavior. This is the statement from the Kaspersky Lab team.
For a long time, CamScanner was in all respects a legitimate application, without bad intentions. It used advertising to monetize, as well as in-app purchases. Then, at some point, this changed and a recent version came with a library of advertisements containing a malicious module.
The effects of the Trojan dropper
The threat in question is Trojan-Dropper.AndroidOS.Necro.n, classified as a trojan dropper: it can extract and execute a malicious component from within the application itself, and possibly download others. Once started, CamScanner extracts and launches code contained in a file called mutter.zip, and then receives further components from a remote server.
The dangers for users range from the display of inappropriate advertising to the theft of data or personal information, including payment methods.
Google intervened by removing the app from the store following the report. The developer has in any case removed the malicious code from the latest version; at this point it is not known whether the app will be made available again to Android users. That said, there is no shortage of alternatives on the Play Store for scanning documents.
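A defender can triage an APK for the dropper pattern described above. The following is an added example, not code from Kaspersky Lab or the article: it flags any entry whose base name is mutter.zip and, as a generalization beyond the article, any bundled file that is itself a zip or DEX container. The function names and the constructed sample are assumptions, as is matching on the file name alone, since the article does not say where in the package the file sits.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File name reported in the article. Its path inside the APK is not given,
# so the match is on the base name only (assumption).
PAYLOAD_NAME = "mutter.zip"
# Magic bytes of containers that can carry executable code.
EMBEDDED_MAGIC = {b"PK\x03\x04": "zip/apk/jar", b"dex\n": "dex"}


def triage_apk(apk_bytes):
    """Return sorted (entry, reason) findings for one APK given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            if path.name.lower() == PAYLOAD_NAME:
                findings.append((info.filename, "name matches reported payload"))
            # classes*.dex at the APK root is the app's regular code.
            if len(path.parts) == 1 and path.match("classes*.dex"):
                continue
            with apk.open(info) as fh:
                kind = EMBEDDED_MAGIC.get(fh.read(4))
            if kind:
                findings.append((info.filename, f"embedded {kind} container"))
    return sorted(findings)


def build_sample_apk(entries):
    """Build a constructed in-memory APK (a zip) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk({  # constructed sample, not a real app
        "classes.dex": b"dex\n035\x00",
        "assets/mutter.zip": build_sample_apk({"payload.bin": b"constructed"}),
        "res/raw/help.txt": b"hello",
    })
    for entry, reason in triage_apk(sample):
        print(f"{entry}: {reason}")
```

A hit is a reason to inspect the package further, not a verdict: legitimate apps also bundle archives, and a payload that is encrypted at rest will match only by name.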