CamScanner, a popular phone PDF creator app, has been found to contain malware that lets attackers remotely hijack your Android device and steal data stored on it.
The malware affects the free version of CamScanner, which has more than 100 million downloads on the Google Play Store. Google has now removed the free app from its official Play Store. So, it is safe to uninstall the CamScanner app from your Android device now.
Researchers at Kaspersky found a hidden Trojan Dropper module within the CamScanner app that could permit remote attackers to secretly download and install malicious programs on users’ Android devices without their knowledge.
This malicious module does not reside in the code of the CamScanner Android app itself; it is part of a third-party advertising library that was recently introduced into the PDF creator app.
The issue came to light after many CamScanner users noticed suspicious behavior and posted negative reviews on the Google Play Store over the past few months, indicating the presence of an unwanted feature.
The researchers stated that the malware may have been added because of the app developers’ partnership with an unethical advertiser.
Analysis of the malicious Trojan Dropper module showed that the same component had earlier been found in some apps pre-installed on Chinese smartphones.
The module extracts and runs another malicious module from an encrypted file included in the app’s resources. The owners of the module can therefore use an infected device for their own benefit, for example by showing the victim unwanted ads or stealing money from their mobile account by charging paid subscriptions.
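As an added illustration (not code from Kaspersky or from the app itself), the example below shows how a defender might triage an APK for the kind of encrypted resource file described above, by flagging high-entropy files under `assets/` and `res/`. The entropy threshold, minimum size, extension list and all sample file names are assumptions made for the example.

```python
import hashlib, io, math, os, zipfile
from collections import Counter

# Formats that are compressed already, so high entropy is expected (assumed list).
COMPRESSED_EXT = {".png", ".jpg", ".jpeg", ".webp", ".gif", ".mp3", ".ogg", ".mp4", ".zip"}
RESOURCE_DIRS = ("assets/", "res/")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted/random data, roughly 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_resources(apk_bytes: bytes, threshold: float = 7.2, min_size: int = 4096):
    """Return (name, size, entropy) for bundled resource files that look encrypted."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if not name.startswith(RESOURCE_DIRS) or info.file_size < min_size:
                continue
            if os.path.splitext(name)[1].lower() in COMPRESSED_EXT:
                continue  # triage shortcut; a renamed payload would need a magic-byte check
            entropy = shannon_entropy(apk.read(name))
            if entropy >= threshold:
                hits.append((name, info.file_size, round(entropy, 2)))
    return hits

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK; every file name and content here is made up."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
        z.writestr("assets/help.html", "<html><body>scan tips</body></html>" * 300)
        z.writestr("res/drawable/logo.png", blob)        # image: skipped by extension
        z.writestr("assets/ad_sdk/cfg.dat", blob[::-1])  # plays the encrypted payload
    return buf.getvalue()

if __name__ == "__main__":
    for name, size, entropy in suspicious_resources(build_sample_apk()):
        print(f"{name}: {size} bytes, entropy {entropy}")
```

A hit is only a lead for manual review: legitimate apps also ship encrypted or compressed data files, so the flagged file still has to be traced back to the code that loads it.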
Kaspersky researchers reported their findings to Google, which then immediately removed the CamScanner app from its Play Store. Google, however, stated that the app developers have cleared the malicious code with the latest update of CamScanner.
Even so, the researchers claimed that because versions of the app vary across devices, some of them may still contain malicious code.
It is important to note that the paid version of the CamScanner app does not include the third-party advertising library and the malicious module, so it is not affected by the malware and is still available on the Google Play Store.
The researchers concluded that any app, even one from an official store, with a good reputation, or with millions of positive reviews and a big, loyal user base, can turn into malware overnight.
All users are strongly advised to use a good antivirus app on their Android device that can detect and block such malicious activity before it can infect the device.
It is also important to check the reviews left by other users who have downloaded an app, to verify the app’s permissions before installing it, and to grant only those permissions that are appropriate for the app’s purpose.