Old Android App CamScanner With 100M Downloads Starts Delivering Malware

An old Android app stealthily targeted a Millions of Android users. As discovered by the researchers, CamScanner, an app that existed for at least 8 years and had over 100 million downloads, barraged users with malware.

Old Android App Became Malicious

Researchers from Kaspersky Lab discovered how an old existing Android app suddenly turned malicious. As identified in their blog post, CamScanner, a pdf creator app delivered malware to users.

The application caught the attention of the researchers when they noticed some bad reviews. As stated in their blog post,

The developers position it as a solution for scanning and managing digitized documents, but negative user reviews that have been left over the past month have indicated the presence of unwanted features.

Scratching the surface revealed that the app contained a malicious dropper component Trojan-Dropper.AndroidOS.Necro.n, probably meant for advertising purpose.

It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser.

Following the execution of the app, this component decrypted and executed the malicious code.

The function of the malware dropper was to download the payload from malicious servers and execute it on the target device.

Google Removed The App From Play Store

The CamScanner app has existed on Google Play Store since 2010. The app had over 100 million downloads and pretty good ratings. It also worked fine as a PDF creator application for Android devices. However, lately, it started delivering malware to the users.

Upon noticing this malicious activity with the app, researchers promptly reported the matter to Google. Following the report, Google removed the app from the Play Store.

In similar news, researchers also discovered how the open source AhMyth malware bundled with a radio app made it to the Play Store. This malware bypassed Google’s security checks at least twice to target Android users.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients