Google has been actively removing the apps engaged in malicious behaviour. The latest app..
to get removed from the Play Store is CamScanner, the popular app used to convert documents into PDF format.
Cybersecurity research firm, Kaspersky found out that CamScanner’s recent version is shipped with an advertising library that contains malicious module. The Trojan module runs from an encrypted file found in the app. The module identified as “Trojan-Dropper.AndroidOS.Necro.n” is previously observed in Chinese apps as well.
The Trojan downloader is more harmful than any other modules. Kaspersky’s blog notes that CamScanner is a pretty good app that offers great functionality. The app displays ads to generate revenue along with some in-app purchase options. However Trojan Dropper module can extract and urn other malicious modules from an encrypted file.
The blog reads, “This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions.”
Kaspersky also notes that app developers have removed the malicious code from the latest update. However it is recommended to uninstall the app as the user device may have an older version or its resources that contain Trojan Dropper malware module.
The malware is found only in the Android version of the app. iOS version is not infected in any way. CamScanner has over 100 million downloads. Sone users had reported weird behaviour of the app in past, the app was spotted showing intrusive ads, forcing users to sign up for paid services.
While this is not the first time a malware has slipped through Play Store’s app vetting process, CamScanner’s removal from the store highlights Google’s inability to protect users. The company has removed a number of apps in the past few months.