The very famous document scanning app, Camscanner which was pretty much used by a wide range of people, right from students to working class, has been detected with a serious malware in its recent versions, by researchers from Kaspersky Lab, after they were alerted to ‘suspicious behavior’ in the free version of the popular app.
It was apparently harboring an advertising library containing a malicious module that the Kaspersky researchers identified as ‘Trojan-Dropper.AndroidOS.Necro.n.’ Lets understand this closely.
The Trojan Downloader and the Damage It Could Do
With over 100 million downloads on Google Playstore and Appstore, the very famous and useful document scanning app, Camscanner was detected with the presence of a malicious module that then pushed ads or downloaded apps surreptitiously onto compromised Android devices of the users.
This was discovered by the researchers of Kaspersky Labs, after they were alerted to ‘suspicious behavior’ in the free version of the app, following a rash of negative reviews left by users to avoid using the app. This malicious module was identified to be ‘Trojan-Dropper.AndroidOS.Necro.n.’
It is Trojan Dropper module, which means that it can extract and run a second malicious component from an encrypted file included in the app’s resources. It is in turn a Trojan downloader that can be leveraged to infect the devices with other kinds of malware. An app with this malicious code may show intrusive ads and sign users up for paid subscriptions, as per Kasperby.
This ‘Trojan Dropper.AndroidOS.Necro.n’ carries out the main task of the malware: to download and launch a payload from malicious servers, due to which the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account.
However, CamScanner was a pretty good app that offered notable functionality. While it displayed ads for generating revenue, there were options for in-app purchases and buying a License separately for eliminating ads. It had no such intentions.
Google Playstore Needs to Level Up its Safety
The notable thing here is that the malware module was spotted only on the Android version of the app and it seems like its iOS version is still available on the App Store, probably because of Apple’s strict app vetting policies.
Due to this, the CamScanner app has been removed from the Google Play Store. Although Kaspersky reports that the app’s developers removed the malicious code with the latest update, since the apps’ version varies for different devices, it is recommended that one uninstalls it as their device might have an older version of that app that contains the Trojan Dropper malware module.
This latest incident of malware detection in Google Playstore, marks another sketchy place for the latter, making it easier to get past Google’s app vetting process. Although the antivirus efforts have resulted in the removal of hundreds of thousands of harmful apps, the security layer has not been entirely bulletproof to offer protection from all sorts of malware.
In fact, this isn’t the 1st time an app has slipped past through the Google Play Store’s app vetting process. One must themselves be careful while installing an app on their device. Be sure to check their permissions, reviews, and install them only if it’s absolutely essential for your day-to-day needs.