CamScanner is a popular document scanner app with more than 100 million downloads on Google Play Store. If you are also one of the people who use CamScanner, you should remove it from your phone right now.
Researchers at Kaspersky have found a hidden Trojan-Dropper module within the app that could allow an attacker to secretly download and install malicious code on any Android phone using CamScanner. This module is called Trojan-Dropper.AndroidOS.Necro.n. this module was also found in some of the apps that came preinstalled on some phones sold in China.
The fault is not exactly from CamScanner side as the code of CamScanner is safe and they didn’t have the intention to harm users. The company recently added a 3rd-party advertising library that has a malicious module.
Several users reported suspicious behavior of the app and many of those also posted negative reviews on Google Play Store in recent months.
This again shows how badly Google failed in protecting Android users even if it has introduced lots of security checks to ensure safety. After Kaspersky researchers reported this, Google removed the free app from Google Play. It was also reported that the latest verse of the app was safe, but still, there are hundreds of thousands of devices running on an older version with malicious code.
It should also be noted that the paid version of CamScanner doesn’t come with 3rd-party advertising library. So, it is not affected and one can keep using it.
Source: Kaspersky
