CamScanner removed from Google Play Store
Security researchers from Kaspersky Lab revealed in its recent vulnerability report that Camscanner has been carrying malware
If you are using the CamScanner app on your Android phone then remove it immediately. Researchers at Internet security firm Kaspersky Labs have unearthed a malware in the CamScanner app that is mainly used by people to create PDF. The app has been downloaded in over 100 million Android phones. Interestingly, the CamScanner app is not a malware and it started out as a completely legit Android app.
“CamScanner was actually a legitimate app, with no malicious intentions whatsoever, for quite some time. It used ads for monetization and even allowed in-app purchases,” said Kaspersky Labs in a blog post.
However, the problem is with the recent versions of the CamScanner app. “Recent versions of the app shipped with an advertising library containing a malicious module,” it claimed.
The researchers claimed that the CamScanner app detected a module called “Trojan-Dropper.AndroidOS.Necro.n”. “The module is a Trojan Dropper that means the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment,” explained the report. With this Trojan Dropper module, a particular app may show intrusive ads and sign users up for paid subscriptions.
To be precise, the Kaspersky researchers found that latest versions of the CamScanner came with a malevolent Trojan Dropper module which could potentially show intrusive ads and signed up its users for paid subscriptions without their knowledge.
Google has removed the app from the Android app store and users are recommended that they uninstall the app immediately.
Meanwhile, Google has made some silent changes for publishing new Android app on the Google Play store. Google has now made it mandatory that all new Android apps would need at least three days for approval. This means you simply cannot publish your Android app instantly on Google Play. Also, the developers will not be given any specific date or time frame as to when the “approval process” would get over. The reason for this minimum three days approval process is “to help better protect users”.
However, this CamScanner episode makes one question the security of app updates and the privacy risks associated with an innocent legit app turning into a malware.