PSA: This Android PDF scanner contains malware, uninstall immediately

02 September 2019 PSA: This Android PDF scanner contains malware, uninstall immediately
KUALA LUMPUR, Sept 1 — If you have, or plan on using the app, CamScanner, researchers over at Kaspersky Lab have discovered a trojan module within the popular PDF scanner app. The app, which lets you scan images and turn them into PDF documents, reportedly has over 100 million downloads on the Google Play Store.

The Trojan Dropper module found in the app is down to a 3rd-party advertisement library that was only recently introduced by CamScanner, and malware-infected versions are only limited to free versions of the app. The paid version of the app, as such, is still available on the Play Store, although we’d still recommend uninstalling the app to be safe.

“Kaspersky solutions detect this malicious component as Trojan-Dropper.AndroidOS.Necro.n. We reported to Google company about our findings, and the app was promptly removed from the Google Play.” – Kaspersky

This was discovered by researchers after users reported suspicious behaviour within the app, with the trojan allowing for perpetrators to use victims’ smartphones to view intrusive advertisements, or even to sign up for paid subscriptions.

According to Kaspersky, “The owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.”

The scary aspect of it all is that this is (or was) an app that had a pretty huge user base, with Google also regularly removing potentially dangerous apps from its official Play Store. But Kaspersky infers that the issue, as far as CamScanner is concerned, stems from the app developer’s “partnership with an unscrupulous advertiser”. The cybersecurity firm also reveals that a similar module was previously found in preinstalled malware on certain Chinese smartphones—something that everyone is constantly worried about.

Source: MalayMail