CamScanner Caught Using Trojan Dropper Malware, App Removed from Play Store

BY Mahit Huilgol

Published 28 Aug 2019

CamScanner is a popular app that lets you scan documents, among many other things. The CamScanner app has been removed from the Play Store after Kaspersky Labs unearthed malware in a recent version of the app. The researchers found that CamScanner housed an advertising library with a module that was identified as ‘Trojan-Dropper.AndroidOS.Necro.n’.

Kaspersky researchers took a deep dive into the app after several negative reviews and user ratings. Interestingly, this is not the first time malicious modules have been found installed on Android devices. In 2018 the malicious modules were installed in more than 100 budget Android devices, a steep rise from more than 24 device models in 2016.

Apart from pushing ads to users, the threat actors also installed unwanted apps covertly. We all knew CamScanner as a legit app that made money with in-app purchases. However, Kaspersky suggests that this changed and recent versions are being shipped with an advertising library containing a malicious module.

Trojan-Dropper.AndroidOS.Necro.n is a Trojan-Dropper that uses a malware strain to install a Trojan-Downloader on infected devices. Once the CamScanner app is launched, the dropper executes malicious code contained within a mutter.zip file found in the app’s resources. As stated earlier, Google has already removed the app from the Play Store; however, the company seems to have removed the malicious code with a new update. It is worth noting that CamScanner had amassed more than 100 million downloads on the Google Play Store.
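For triage, the one indicator the article names (a mutter.zip file in the app's resources) can be checked against an APK pulled from a device or an archive. The script below is an added example, not code from the article or from Kaspersky; the entry path `assets/mutter.zip` and the sample file contents are constructed placeholders, since the article gives no directory or hash.

```python
import hashlib
import io
import zipfile

# Indicator named in the article: a file called mutter.zip in the app's resources.
INDICATOR_BASENAME = "mutter.zip"


def find_indicator(apk_bytes, basename=INDICATOR_BASENAME):
    """Return [(entry_path, size, sha256), ...] for entries whose file name
    matches the indicator, or None if the input is not a readable APK/ZIP."""
    try:
        apk = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:
        return None
    hits = []
    with apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            # Match on the file name only; the article gives no directory.
            name = info.filename.rsplit("/", 1)[-1]
            if name.lower() == basename.lower():
                digest = hashlib.sha256(apk.read(info)).hexdigest()
                hits.append((info.filename, info.file_size, digest))
    return hits


def build_sample_apk(entries):
    """Build an in-memory ZIP standing in for an APK (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()


# Constructed samples: entry paths and contents are placeholders, not real data.
FLAGGED_APK = build_sample_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "assets/mutter.zip": b"constructed placeholder bytes",
})
CLEAN_APK = build_sample_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "assets/notes.txt": b"mutter.zip is only mentioned here",
})

if __name__ == "__main__":
    for label, blob in [("flagged", FLAGGED_APK), ("clean", CLEAN_APK),
                        ("not-an-apk", b"plain text")]:
        print(label, find_indicator(blob))
```

A file-name match is only a triage hint: record the reported SHA-256 and compare it with hashes from a vendor report before treating the APK as affected.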

Wondering why malicious advertisements are evil? Well, researchers found that module owners can use the infected device as they see fit. In other words, they can show intrusive ads and steal money from users’ mobile accounts by charging paid subscriptions. Please uninstall CamScanner and other apps that are installed by the malware.

[via Kaspersky]