Nasty surprise for users of the Android app ‘Cam Scanner’, which creates PDF files from scans captured with the phone's camera: the app is infected with malware.
Google has since removed the Android app ‘Cam Scanner’ from the Play Store, as MSPU reports. The malware was found by Kaspersky security researchers, who published a report and reported the app to Google. ‘Cam Scanner’ has been downloaded by 100 million Android users, so it is very popular. Please note that the app is known under different names, such as CamScanner, Phone PDF Creator and CamScanner-Scanner.
CamScanner was a legitimate app without malware for quite some time. The app displayed ads for monetization and allowed in-app purchases. At some point, the developer seems to have integrated an advertising library containing a malicious module into the latest versions of the app.
Kaspersky products recognize this module as Trojan-Dropper.AndroidOS.Necro.n. This malware has been observed in some apps preinstalled on Chinese smartphones. The module is a Trojan dropper that extracts and executes another malicious module from an encrypted file contained in the app’s resources. That second module is a Trojan downloader that downloads more malicious modules, depending on what its developers are currently up to.
For example, an application that uses this malicious code can display intrusive ads and sign users up for paid subscriptions. Some users of the CamScanner app have already noticed suspicious behavior and left ratings on the app’s Google Play page warning others about it. It looks like the app developers have removed the malicious code with the latest update to CamScanner.