[Update 2: Back in Play Store] CamScanner app caught injecting malware on Android devices

Uninstall recommended for affected versions

We may earn a commission for purchases made using our links.

Update 2 (9/17/19 @ 10:10 AM ET): After addressing the malware incident, CamScanner is now back in the Play Store. Update 1 (8/30/19 @ 11:05 AM ET): CamScanner has issued a statement (below) on the situation and released a fix.

If you are someone who frequently works around text documents, you very likely have used CamScanner in the past, or are using it in the present. CamScanner has been around the very early days of Android, presenting itself as a solution to use the camera on your smartphone as a document scanner. The app allows users to digitize paper documents, with the app then auto-cropping and enhancing the image quality of the document. There were features that allowed batch scanning multi-page documents. These features combined to give the app more than a million installs through the Play Store despite the fairly niche nature of its use. However, CamScanner has now been caught injecting malware on the phones of its users, forcing Google to remove the app from the Play Store.

Security researchers from Kaspersky investigated CamScanner — Phone PDF creator after the app started receiving a host of negative user reviews within a month, indicating the presence of “unwanted” features. Upon analyzing the app, the researchers found that the app utilized an advertising library that contained a malicious dropper component called Trojan-Dropper.AndroidOS.Necro.n. When the app is run, the dropper decrypts and executes malicious code that downloads additional modules. This modus operandi then allows the bad actors to use the infected device in any way for their singular benefit, ranging from showing intrusive advertisements to stealing money by charging paid subscriptions.

After Kaspersky reported their findings to Google, Google promptly removed CamScanner from the Play Store. As of writing this, the main CamScanner app is not available to download to any device, though you can still view its Play Store listing from a browser. AndroidPolice conducted its own tests to conclude that the versions uploaded in August 2019 are free of malware, but the versions released between June 16, 2019, to July 25, 2019, all contain the malware.

The versions with the malware are listed as below:

Versions below 5.11.3.20190614 as released on June 15, 2019, and versions beyond 5.12.0.20190730 as released on August 1, 2019, do not contain the malware, so these can be safely used if you still absolutely need to. However, we strongly recommend uninstalling CamScanner and using other alternatives. Google Photos has been working towards document management features, but you can also try out more feature-rich document scanners available on the Play Store. Hopefully, they can replicate CamScanner’s functionality without replicating the advertising library used.

Source: Kaspersky

Story Via: BleepingComputer

Additional Inputs: AndroidPolice

Update 1: Statement

CamScanner has issued the following statement:



Dear CamScanner Android Users, Our CamScanner Team has recently detected that the advertisement SDK provided by a third-party named AdHub, integrated in Android Version 5.11.7, has been reported for containing a malicious module that produces unauthorized advertising clicks. Injection of any suspicious codes violates the CamScanner Security Policy! We will take immediate legal actions against Adhub! Fortunately, after rounds of security check, we have not found any evidence showing the module could cause any leak of document data. We have removed all the ads SDKs not certified by Google Play and a new version would be released. Meanwhile, you may follow the steps HERE to update to the new version.

We would appreciate your patience and understanding. Best Regards,

CamScanner

Update 2: Back in Play Store

Download the updated version (5.12.5) of CamScanner below.

With little fanfare, CamScanner has returned to the Play Store after an ad library the app was using was caught injecting malware. The latest version is 5.13.0.20190916. You can download it from the Play Store or APK Mirror. With the previous incident in mind, we assume Google has thoroughly tested the app.

Via: Android Police