If you are one of the millions of users of the popular PDF creator CamScanner you might want to consider removing the app from your smart devices right now. With well over 100 million downloads on the Google Play Store, the free version of the app is incredibly widespread. Analysts from Kaspersky have recently discovered malware code lined up on the basic app that grants a rather awkward opening for hackers to attack Android devices.
First Responders to Security Concerns
Multimedia juggernaut Google already removed CamScanner from their official Play Store. They have also advised users to uninstall the app from their smart devices as soon as they can. So far, the researchers behind the discovery have stated that the malware works as a Trojan drop module. The opening can be easily exploited by remote attackers to download and install payloads without needing the interaction of the user. The module was lodged inside a 3rd-party advertising library that was recently introduced by the author of the app.
The issue was brought to the attention of Kaspersky solutions after they noticed the large numbers of negative reviews on CamScanner Google Play’s page. A lot of people were complaining about the app making phones and tablets work slowly after the latest upgrade was offered. The bad news keeps piling up on this regard since this is not the first time something like this has happened. Most Chinese-manufactured smartphones come with an app such as this one preloaded. Users get stuck with a device that could be attacked at any moment unless they “suspend” the functionality of the app since most of these can’t be removed.
More Details on the Affecting Malware
The name of the file located by Kaspersky solutions is “Trojan-Dropper.AndroidOS.Necro.n.” They already took action by reporting their findings to Google. The company has already removed the app from its store. Regretfully, they have informed that it’s impossible to track down how many users will be affected by the malware at this moment. It’s also hard to make the call and notice it since the dropper is activated after the app launches. It quickly decrypts and executes the code that comes contained in a .zip file stored in the resources folder of the app. The module itself is very harmful, but it works differently on every device. Ads will either bombard you or your financial data will get stolen.
CamScanner developers have done their best to remove the malware from the free version of the app. Google is not exactly bent on allowing the software to be offered again on its platform. The paid version is still in the App Store, and it’s already been certified clean since it doesn’t come with 3rd party library advertisers. Sadly this will keep happening as long the open-source of the code offered for developers on Google works the way it does. There have been other findings such as the app infected with AhMyth open source RAT that was discovered by ESET analysts. There is also the malware campaign spread through the SimBad agent that affected close to 150million users.