Researchers at multinational cybersecurity company, Kaspersky Labs, discovered a malicious module in the widely used mobile scanning app, CamScanner. As a result of the discovery, the app was taken down by Google from its play store last week. Seemingly, the iOS version of the app remained unaffected by the malware.
On 5th September 2019, the developers of the popular PDF creator app, announced its comeback on their official Twitter handle. Reportedly, they have removed all advertising SDKs in the latest version of CamScanner, i.e., version 5.12.5, which can be downloaded by the users from Google Play Store.
There were issues in the previous version of the app, however, the app, CamScanner in itself is a completely authentic and widely used application.
According to the researchers at Kaspersky Labs, “Recent versions of the app shipped with an advertising library containing a malicious module,”
“The module is a Trojan-Dropper that means the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This “dropped” malware, in turn, is a Trojan-Downloader that downloads more malicious modules depending on what its creators are up to at the moment,” they added.
The Trojan-Dropper module which is called as “Trojan-Dropper.AndroidOS.Necro.n” is configured to befool users into signing up for paid subscriptions by showing them intrusive advertisements.