Update: CamScanner has acknowledged that a malicious module was present in the advertising SDK shipped with CamScanner version 5.11.7. The SDK was reportedly supplied by a third party called AdHub and was generating unauthorised ad clicks. The company says it will take immediate legal action against AdHub, since injecting suspicious code violates its security policy. It also states that 'rounds of security checks' found no evidence that any user documents were leaked. CamScanner says it has removed all ad SDKs not certified by Google Play and is releasing a new version, which can currently be downloaded from the company's website.
There’s a good chance that you know about the CamScanner app, which is available on both Android and iOS. Listed on Google Play as ‘Phone PDF Creator’ and ‘Scanner to Scan PDFs’, the app had over 100 million downloads before it was removed from the Play Store. Researchers at Kaspersky found malware in recent versions of the popular OCR (optical character recognition) app: it was carrying an advertising library that contained a malicious module, which Kaspersky identifies as ‘Trojan-Dropper.AndroidOS.Necro.n’. According to the report, the same module had previously been spotted in a few apps that came preinstalled on some Chinese smartphones.
The malicious module was found only in the Android version of the app; the iOS version remains on the App Store, possibly because the offending SDK was never part of the iOS build or because of Apple’s stricter app vetting. As the Kaspersky blog notes, CamScanner was a genuinely useful app with notable functionality. It displayed ads to generate revenue, but also offered in-app purchases and a separately purchased licence that removed the ads. The Trojan Dropper module found inside the app, however, extracts and runs a second malicious module from an encrypted file bundled in the app’s resources. Keeping the payload encrypted until run time is what lets it sit inside a legitimate-looking package without the malicious code being visible to a simple static scan of the APK.
[Image: An overview of how the CamScanner app works]
“This ‘dropped’ malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions,” the Kaspersky blog states. We checked and found that the CamScanner app has been removed from the Google Play Store. Kaspersky reports that the app’s developers removed the malicious code in the latest update. However, because the installed version varies from device to device, it is safer to uninstall the app: the copy on your phone may still be an older build that contains the Trojan Dropper module.
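The two behaviours described above, an encrypted payload hidden in the app’s resources and code that loads and runs it at run time, are the pattern a reviewer looks for when triaging an APK for a dropper. The script below is an added example written for this article, not code from Kaspersky or from CamScanner, and it is a generic heuristic rather than a signature for Necro: it unpacks an APK (a zip file), flags large, high-entropy files under assets/ or res/raw/ (ciphertext looks close to 8 bits of entropy per byte, unlike text, XML or images with headers), and scans the DEX files for class references that a dropper needs, such as DexClassLoader or javax.crypto.Cipher. The entropy threshold, the directory list and the indicator strings are assumptions to tune for your environment; the sample APK is constructed inline so the script runs offline and contains no real CamScanner content.

```python
"""Heuristic triage of an APK for dropper-style behaviour: an encrypted
payload hidden in the app's resources plus code that loads classes at
run time. Added example for this article; thresholds and indicator
strings are assumptions, not signatures for any particular malware."""
import hashlib
import io
import math
import zipfile
from collections import Counter

# Paths inside the APK where a bundled payload usually lives (assumption).
PAYLOAD_DIRS = ("assets/", "res/raw/")
# Entropy above this (bits per byte, maximum 8.0) suggests encrypted or
# compressed content rather than text, XML or images with headers.
ENTROPY_THRESHOLD = 7.5
MIN_PAYLOAD_SIZE = 1024
# Framework APIs a dropper needs to execute code that is not in classes.dex
# and to decrypt its payload. Assumed indicator list; tune it for your use.
DYNAMIC_LOAD_INDICATORS = (
    b"dalvik/system/DexClassLoader",
    b"dalvik/system/PathClassLoader",
    b"dalvik/system/InMemoryDexClassLoader",
    b"javax/crypto/Cipher",
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_apk(apk_bytes: bytes) -> dict:
    """Report high-entropy resource files and dynamic-loading indicators."""
    report = {"suspicious_assets": [], "loader_indicators": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(PAYLOAD_DIRS) and info.file_size >= MIN_PAYLOAD_SIZE:
                ent = shannon_entropy(zf.read(name))
                if ent >= ENTROPY_THRESHOLD:
                    report["suspicious_assets"].append((name, round(ent, 2)))
            # A real DEX keeps its strings in a string table; a raw substring
            # scan of the file is enough to surface the class references.
            if name.startswith("classes") and name.endswith(".dex"):
                dex = zf.read(name)
                for marker in DYNAMIC_LOAD_INDICATORS:
                    if marker in dex:
                        report["loader_indicators"].append((name, marker.decode()))
    # Both halves together are the dropper pattern: something to decrypt
    # and a way to execute it.
    report["dropper_like"] = bool(report["suspicious_assets"]) and any(
        "ClassLoader" in marker for _, marker in report["loader_indicators"]
    )
    return report


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK; not real CamScanner content."""
    # Deterministic pseudo-random blob standing in for an encrypted payload.
    blob, chunk = b"", b"seed"
    while len(blob) < 4096:
        chunk = hashlib.sha256(chunk).digest()
        blob += chunk
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("assets/config.txt", "theme=light\n" * 200)  # benign, low entropy
        zf.writestr("assets/ad_sdk_data.bin", blob)               # suspicious
        zf.writestr(
            "classes.dex",
            b"dex\n035\0" + b"Ldalvik/system/DexClassLoader;" + b"Ljavax/crypto/Cipher;",
        )
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

Run it against a real package with `triage_apk(open("app.apk", "rb").read())`. A hit is a reason to pull the flagged asset and the classes that reference DexClassLoader into a proper decompiler, not proof of malice on its own: legitimate apps also ship compressed assets and use crypto, so the combination and the surrounding code are what matter.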
This is not the first time an app has slipped past the Google Play Store’s vetting process. It is admittedly difficult to keep up with the thousands of apps and updates released on the platform, but Google needs to step up its game if it wants to assure users that the Play Store is the safest place to download Android apps from.