The most popular app for document scanning and sharing is the CamScanner. But recently, Kaspersky has found a malware inside the CamScanner app.
What is CamScanner?
CamScanner is the most popular mobile app for document scanning and sharing. It is downloaded over 100 Million+ downloads. Even it is more popular than Google Drive, Microsoft’s oneNote and Apple notes. It lets you scan and organise documents and can even share them.
CamScanner comes in 2 versions: free and paid. Free version contains ads and has a limited features. Paid version had no ads and has full features.
What’s malware story?
This is a legitimate app but contains an adware library (or simply software for showing ads) claimed Kaspersky in its security Blog. But recently, the newer version of the app contains a malware.
The hidden malware is in a module of the advertising library. The malicious module Trojan-Dropper.AndroidOS.Necro.n is a Trojan dropper i.e. it downloads more malicious modules (depending on its what its creator/code).It can extract and run the encrypted file in the app’s resources.
“For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions” said Kaspersky.
Update
After Kaspersky founded the malware, they contacted Google and CamScanner. Google has removed the CamScanner from the play store. CamScanner hadn’t responded yet.
If I have already downloaded it
If you have CamScanner already installed in you device, then you can download all of your data and uninstall it.
*What we can learn from this story is that any app — even one from an official store, even one with a good reputation, and even one with millions of positive reviews and a big, loyal user base —can turn into malware overnight,” the researchers concluded
