Popular CamScanner app for Android infected with nasty malware

Joanna Estrada
August 30, 2019

Security researchers at Kaspersky discovered malware in various versions of the Android app "CamScanner" that were published to the Google Play store in June and July.

"The 'Trojan-Dropper.AndroidOS.Necro.na' functions carry out the main task of the malware: to download and launch a payload from malicious servers."

According to its official description, CamScanner scans documents using optical character recognition (OCR) and converts them into PDF files. Some users of the CamScanner app had already spotted suspicious behavior and left reviews on the app's Google Play page with warnings to avoid the app. Kaspersky Lab informed Google of the malware in CamScanner, and the app has now been removed from the Play Store. With this Trojan dropper module, an app may show intrusive ads and sign users up for paid subscriptions.

This complexity in design, together with the hidden nature of the ad clicking, allowed the apps' malicious activities to go unnoticed on Google Play for almost a year.

Android has an uphill battle keeping malware and adware off its Play Store, especially compared with Apple's App Store for iOS, because of its open ecosystem. Interestingly, the harmful code found in the app's recent versions is known to come pre-installed on Chinese phones.

"The problem is that even such a powerful company as Google can't thoroughly check millions of apps", researchers said in a statement.

If you have automatic updates enabled for your apps, which many people do, there is a chance you have a version of CamScanner containing malware on your device.

It is highly recommended that mobile users run an antivirus app on Android. The malware, which is capable of producing unauthorized ad clicks, is supplied by one of the app's advertisement partners, called Adhoc. Microsoft Office Lens also supports all the features you'd need from a document scanning app. Kaspersky later noted that the app developers also managed to remove the malware via a few more recent updates.

The Google Play Store is often reported to harbour malicious Android apps, which users often fall prey to.

The two researchers explain today that keeping the ads invisible to the user is possible by positioning the Toast object outside the viewable screen area.
