Cyber Security Center

CamScanner app for Android found to distribute malware


Android app CamScanner was found to deliver malware to millions of its users.

Screenshot (23)

Developed by Shanghai-based company CC Intelligence, CamScanner is an Android app used to scan documents/images and create PDFs. It’s a highly popular app with more than 100 million downloads. It has been available since 2015 and has more than a million reviews. In short, it’s completely legitimate. Nevertheless, it was found to have delivered malware to its millions of users.

Security company Kaspersky has noticed that recent versions of the app contained a new advertising library with a Trojan in it. The module is detected as Trojan-Dropper.AndroidOS.Necro.n by Kaspersky anti-malware software.

“As the name suggests, the module is a Trojan Dropper. That means the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment,” Kaspersky says in a blog post.

Kaspersky also notes that infected apps could show users intrusive advertisements and sign them up for paid subscription services.

The app was taken down by Google soon after reports about malware started emerging. However, it seems that the developers behind the app have removed the malware and uploaded a clean version.

Malware in Google Play Store is not that uncommon

Security experts always say that users should download apps only from legitimate app stores like Google Play or Apple’s App Store as that reduces the chances of infecting their devices with malware. However, it’s becoming increasingly more clear that just because an app is available on an official store, it doe not mean that it’s completely safe. While Google does its best to ensure no malware, spyware or any other kind of infection is hosted on the Play Store, it’s not always successful.

Users are also always encouraged to check reviews, look into the developer, etc., before downloading apps, but in this case, it would not have helped. CamScanner is developed by a known company, has more than 100 million downloads, and more than 1 million reviews. It’s a completely legitimate app, and it still was turned into malware. For situations like this, the only solution would be installing a security tool on the device. There are plenty of anti-virus programs available for Android phones, and it may be worth looking into them.