- CamScanner contained malware and was removed from the Play Store.
- The company explained what happened and why the app is no longer available.
- The app was harboring Trojan malware, which was apparently provided by a third party.
CamScanner acknowledged that a malicious module was present in the advertisement SDK of CamScanner Version 5.11.7. Apparently, the SDK was provided by a third party called AdHub and was producing unauthorized ad clicks. The company claims that it will take immediate legal action against AdHub, since injection of any suspicious code violates the company’s security policy. Additionally, no evidence of any document leaks has been found after ‘rounds of security checks’. The company has apparently removed all the ad SDKs that are not certified by Google Play and is releasing a new version that can currently be downloaded from the company’s website.
According to the reports, “there is a good chance that you know about the CamScanner app, which is available on both Android and iOS. The ‘Phone PDF Creator’ or ‘Scanner to Scan PDFs’ app had over 100 million downloads before being booted from the Google Play Store. According to the researchers at Kaspersky Labs, they found malware in the recent versions of the popular OCR (optical character recognition) app. Apparently, it was harboring an advertising library containing a malicious module that the Kaspersky researchers identified as ‘Trojan-Dropper.AndroidOS.Necro.n’.” As per the report, this particular malware module was previously spotted in a few apps that came preinstalled on some Chinese smartphones. This particular module was spotted only in the Android version of the app; it seems its iOS version is still available on the App Store, probably because of Apple’s strict app vetting policies.
Hidden malware found in the highly popular — CamScanner — #Android app that has more than 100 million users. https://t.co/AAUJ6o7w5I #Google has removed it from its Play Store. To be safe, users are also recommended to uninstall #CamScanner immediately. pic.twitter.com/0D3i8Uicob
— The Hacker News (@TheHackersNews) August 27, 2019
According to the blog notes of Kaspersky, CamScanner was a pretty good app that offered notable functionality.
There were options for in-app purchases and for buying a license separately to eliminate ads. But the Trojan-Dropper module found within the app is said to extract and run another malicious module from an encrypted file included in the app’s resources.
The Kaspersky blog states, “This dropped malware, in turn, is a Trojan-Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions.”