CamScanner, the popular PDF creator app with 100 million downloads in the Google Play Store, has been compromised. Researchers at Kaspersky announced finding a module within the app that acted as a Trojan Dropper. This potentially allows attackers to remotely download and install malicious programs without a user’s knowledge.
The discovery of malware by Kaspersky security researchers came to light after an influx of CamScanner users reported suspicious behavior and posted negative reviews over the past couple of months.
The malicious module isn’t found directly in the code of CamScanner but in a third-party advertising library recently introduced in the app. Google removed the app from its official Play Store. CamScanner announced that it has removed this code library, and the updated version can be downloaded from the CamScanner website. But as of September 1, 2019, the app isn’t found on the Google Play Store.
Of note, the paid version of CamScanner never included third-party advertising and was not affected by this hack. The paid version of CamScanner is still available on the Google Play Store for those who aren’t comfortable installing apps from third parties.
Google has been stepping up efforts to remove potentially harmful apps from the Play Store, but legitimate apps can turn nasty without notice. And we’ve seen major exploits like a two-year-old vulnerability on iOS, meaning users need to be wary not just of apps but potentially of operating-system-level flaws. More details of the Trojan Dropper malware and a full list of indicators that your device was compromised can be found in the report by Kaspersky.