Beware! Hackers can remotely hack your Android phone and steal data stored on it if you are using the free version of CamScanner, a highly-popular Phone PDF creator app that has more than 100 million downloads on Google Play Store.
However, CamScanner was actually a legitimate app, with no malicious intentions whatever, for quite some time. CamScanner used ads for monetization and even allowed in-app purchases. But, at some point, that changed, and recent versions of the CamScanner app shipped with an advertising library containing a malicious module.
So, to be safe, just uninstall the CamScanner app from your Android device right now, as Google has already removed the app from its official Play Store.
Unfortunately, Kaspersky researchers found a hidden Trojan-Dropper.AndroidOS.Necro.n module within the CamScanner app that could allow remote attackers to secretly download and install malicious programs on the user's Android device without their knowledge. This module was also found in some of the apps that came pre-installed on some phones sold in China.
However, the malicious module doesn't actually in the code of the CamScanner Android app and they didn't have the intention to harm users. The company recently added a third-party advertising library that has a malicious module.
The issue came to shine after many CamScanner users reported suspicious behavior of the app and many of those also posted negative reviews on Google Play Store in recent months, indicating the presence of an unwanted feature.
Researchers of Kaspersky reported its findings to Google, who promptly removed the CamScanner app from its Play Store, but they say that it looks like app developers got rid of the malicious code with the latest update of CamScanner app.
Despite this, the Kaspersky researchers advised users to just keep in mind that versions of the CamScanner app vary for different devices, and some of them may still contain malicious code.
It should be noted that the paid version of the CamScanner app doesn't include the third-party advertising library and thus the malicious module. So, it is not affected to the paid version of the CamScanner app and the paid version of the app is still available on the Google Play Store.
What we can learn from this story is that any app even one from an official store, even one with a good reputation, and even one with millions of positive reviews and a big, loyal user base also can turn into malware overnight. Every application is just one update away from a major change.
Official app store such as Google Play Store is usually considered a safe haven for downloading software. Unfortunately, nothing is 100% safe and secure, and from time to time malware distributors manage to sneak their apps into Google Play Store.
Therefore, you are advised to keep a good antivirus software on your Android device that can detect and block such malicious activities before they can infect your device.
In addition, always read app reviews posted by other users who have downloaded the app, and also verify app permissions before installing any app and grant only those permissions that are relevant for the app's purpose.
If you want to know more about the Trojan Dropper malware found in the CamScanner app and a full list of its indicators of compromise (IOCs) including MD5 hashes and its command and control server domains, you can move on to Kaspersky's report.
I hope you find useful information in this article. If you have any questions then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.