19 August 2019
If you scan documents on a regular basis, or have had to look for a document scanning app even once, there is a good chance that you have heard or read about CamScanner. With over 100 million installs, it is one of the most popular Android apps for scanning documents using a smartphone. And now, recent versions of CamScanner have been found to be infected with malware.
Kaspersky security researchers Igor Golovin and Anton Kivva were the first to spot the malicious code and report it. CamScanner is a decade-old app with a good reputation, so it was the negative reviews recently posted on the Play Store that caught the duo's attention. These reviews described a change in the app's behavior that affected the user experience in a negative way.
During their investigation, CamScanner was found to contain an advertising library with a malicious module called Trojan-Dropper.AndroidOS.Necro.n. This module is said to be similar to one that was found pre-installed on various Chinese smartphones. It can allow the attacker not only to show intrusive ads on the phone but also to sign unaware users up for premium subscriptions. In the latter case, those users will not even know about it until the subscription amount is deducted from their bank accounts. The iOS version of the app seems to be unaffected by the issue, as it is still live on Apple's App Store.
The research team alerted Google about their finding soon after. This resulted in Google removing CamScanner from the Play Store altogether, which is why you will not find it on the store if you go looking for it. However, other apps from the developer, such as CamCard, CamCard Business, and CamCard for Salesforce, are still available for download.
The team has further mentioned that it is quite possible that even the CamScanner developers were unaware of the malicious module. This can happen when a developer partners with an advertiser without knowing about the malware it ships. This is exactly what CamScanner has said in its official statement: a third-party advertiser named AdHub was responsible for the module, and CamScanner is planning to take legal action against it.
In the same tweet, CamScanner is asking users to install a fresh build that it claims is free of any malicious module. Users can do so if they wish, but until Google reinstates the app on the Play Store, we would not recommend it.