Beware!!! A hidden malware has affected the most popular and widely used Android App. CamScanner, an Android phone-based PDF creating an app with 100 million+ user downloads has recently been found to be running a malicious module.
The CamScanner App had a recent update through which malware was installed into the user’s devices. The malware is not in the actual app but it’s in a third-party advertisement library module.
The Kaspersky security researchers found this malware after the users have reported some unusual behaviour in their mobile devices. They also posted negative comments on the play store indicating some unwanted features included over the past few months.
The Kaspersky researchers have come across this malware previously in some of the pre-installed apps of Chinese smartphones. Hence it became easy for them to identify this malware in the first place.
As soon as the Kaspersky researchers found this malware, they reported the Google play store about their findings. Google took down the free version of the CamScanner app promptly.
The attacker used a trojan dropper to install more malicious software into the user devices without them knowing. A Trojan dropper installs more malicious software into the user’s devices.
Once this malicious software has installed into the user devices, the attacker hijacks the user’s device, the attacker gains remote access to the user’s device. The attacker gains complete control of the user’s device including the user’s data, camera, and other information in the phone.
The attacker can steal all the sensitive information like the bank details and other important data in the user’s device. The attacker can operate the user’s device for any purpose they wish to use it for.
The CamScanner app developers have removed this malicious module, and the app has been reinstated.
The researchers advised that the version of the app varies for different devices and hence some of the devices may still contain the malware affected version in them.
The app developers stated that this malware has only affected the free version as the paid versions do not have a third-party advertisement library module in them. Hence google did not take down the paid version of the app.
Though Google has taken down the malicious app promptly, the last few years have been very challenging for Google to step up its efforts to take down all the potentially harmful apps and add more exacting malware checks for new apps. Any legitimate app can go, rogue, victimizing millions of users overnight.
From this attack, we can conclude that even from an official store, an app with good reputation, positive reviews, millions of downloads by millions of loyal user base can still turn into a malware overnight.
Therefore, we strongly recommend you to use a very good anti-virus on your device which can identify and block any malicious activity on your device.
While giving the app permissions make sure you allow only the ones that help with the functionality of the app.