We have often reported malicious Android apps and how Google ends up eradicating those apps from the Play Store. The trend we’ve noticed is that such malware apps always have a low download count. However, today’s story teaches us that even prominent Android apps, with more than 100 million downloads, can have malicious intent.
Researchers at Kaspersky have discovered malware in CamScanner: a PDF-creator app that also converts printed text to machine-encoded text. The app has more than 100 million downloads on the Google Play Store. The malicious component of the app is known as Trojan-Dropper.
This comes after Kaspersky security researchers Igor Golovin and Anton Kivva took a closer look at the Android app following a series of negative reviews on the Google Play Store. According to the report, the app was updated with an advertising library which contained the malicious dropper.
Urgent message to #Android smartphone users 🛎️
If you have 'CamScanner' app installed on your device (just like 100M+ users do) then it's about time to take action. Details & useful tips ⇒ https://t.co/XtlxRVujEH pic.twitter.com/BqWPE7kawK
— Eugene Kaspersky (@e_kaspersky) August 27, 2019
A trojan dropper is a malware strain that can be used by developers to install malicious codes on infected devices. The module, called “Trojan-Dropper.AndroidOS.Necro.n” by the researchers, frequently downloaded encrypted code from a server, then decrypted and executed it on infected devices.
According to the researchers, the module was tasked to launch malicious payloads on the infected device. Further, the module owner can use the infected smartphone to show intrusive advertising as well as “[steal]ing money from their mobile accounts by charging paid subscriptions.”
Just like me, even the researchers thought CamScanner to be “legitimate app, with no malicious intentions whatsoever.” However, the truth is right in front of our eyes.
If you have been using the CamScanner app, we would advise you to uninstall it immediately. Google removed the app from the Play Store following the report, however, as I see the Android app is back on Google Play Store.
While the developers might have removed the malware, the researchers warn that some versions of the app might still include the malware. I would advise you to refrain yourself from installing the latest version.
The incident is likely to raise questions regarding the efficiency of Google’s promise to remove malicious apps from the Google Play Store. Moreover, a report from an antivirus provider company from July noted that Google Play Protect performs worst when trying to identify malware apps.