- Kaspersky, a cyber security firm, has warned of malware discovered in a popular PDF creator Android app known as “CamScanner”.
- A malicious Trojan Dropper module was injected via a third-party advertising library. Parts of the malicious component have also been observed in some pre-installed apps on Chinese smartphones.
- Google removed the app from the Play Store, and the developers of the CamScanner app have also addressed the issue and released a new version.
- Users who have CamScanner on their Android phones should uninstall it for safety and install the latest patched version.
Kaspersky Discovered a Trojan Dropper Module in Recent Versions of the CamScanner App
Beware, Android users! If you have the free version of the CamScanner app installed on your Android phone, you should uninstall it quickly. Security researchers at Kaspersky discovered a hidden Trojan Dropper module known as Trojan-Dropper.AndroidOS.Necro.n in recent versions of the app. The app came under the security firm's scrutiny after many users posted negative reviews on the Play Store and noticed some unusual behavior.
The detected Trojan Dropper can allow attackers to silently download and install malicious programs on affected devices. An affected device can thus be controlled by remote attackers, who can steal sensitive data stored on it.
CamScanner: A Legitimate App With 100+ Million Users
The security firm says that CamScanner is a legitimate Android app with more than 100 million downloads on the Google Play Store. The app had never been found to contain malicious modules before; however, recent versions of the app included a third-party advertising library that contains a malicious module. The module is named Trojan-Dropper.AndroidOS.Necro.n. According to the report, the same module was also detected in some pre-installed apps on Chinese smartphones.
The Security Firm Said In The Blog Post
“As the name suggests, the module is a Trojan Dropper. That means the module extracts and runs another malicious module from an encrypted file included in the app’s resources,” the post read. CamScanner reportedly has over 100 million downloads in Google Play. Though the malicious code is said to have been removed in the latest version, some versions of the app may still contain the code.
“This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions,” the post added.
Google Removed the Android App From the Play Store
After the Kaspersky researchers reported their findings to Google, the app was quickly removed from the Play Store. The developers of CamScanner have also removed the malicious code from their app and released the latest version of CamScanner.
The researchers advise users to uninstall the CamScanner app from their Android phones. Although the developer may have released a latest version that is free from the malicious code, users may still have different versions installed, so they need to be cautious.
Users of the paid version of CamScanner are not affected, as it is free from the third-party advertising library. They therefore do not need to uninstall the app.
Although Google has tightened its norms for apps and keeps removing potentially harmful apps from the Play Store, even legitimate apps can become a vehicle for shipping malicious code to users.
Users therefore need to be cautious when downloading any app from the Play Store. It is better to enable the Google Play Protect feature, which scans apps in the background and warns users if anything malicious is detected.
A Few Security Tips:
- Users must avoid downloading apps from any third-party link.
- Keep a strong anti-virus app installed on the Android device that regularly scans the device and blocks any suspicious element.
- Users should restrict the permissions they grant to third-party apps, such as access to the camera, contacts, location, gallery and so on.