Beware Malware found in Cam Scanner App Free Version
CamScanner a popular app for creating PDF documents was recently reported by the Kaspersky researchers of having a malicious module that shipped with an advertising library. The malicious modue was detected as Trojan Dropper module, which was further identified as "Trojan-Dropper.AndroidOS.Necro.n”, the same module that has been observed in some other Chinese originated apps.
Kaspersky reported the detection to Google, and in action google promptly removed it from the playstore. The details of the the malware is quite horrifying. The malware, once activated, is capable of executing and downloading additional malign files on its own in the background. On CamScanner specifically, the module was programmed to launch intrusive ads across the entire phone. In a few cases, it also signed up users for paid subscriptions without their consent.
Some users came across the app's sketchy behaviour and posted reviews on the Play Store with the intention of preventing them from downloading CamScanner.
Recently CamScanner team has acknowledged that a malicious module was present in the advertisement SDK of CamScanner 5.11.7. This SDK was provided by a third-party called AdHub and was producing unauthorised ad clicks. The company claims that it will take immediate legal action against Adhub since injection of any suspicious code violates the company's security policy. Additionally, no evidence of any document leaks has been found after 'rounds of security checks.' CamScanner has apparently removed all the ad SDKs that are not certified by Google Play and is releasing a new version that can be currently downloaded from the company's website
The torjan dropper module was spotted only on the Android version of the app and it seems like its iOS version is still available on the App Store, probably because of Apple’s strict app vetting policies. As the Kaspersky blog notes, CamScanner was a pretty good app that offered notable functionality. While it displayed ads for generating revenue, there were options for in-app purchases and buying a License separately for eliminating ads. However, the Trojan Dropper module found within the app is said to extract and run another malicious module from an encrypted file included in the app’s resources.