Malware Found in Android PDF App CamScanner

Users of the Android app CamScanner have been advised to uninstall the app after a recent version was found to harbour malware.

Security researchers at Kaspersky Lab have discovered a hidden Trojan-Dropper module in the free version of the app, which has been downloaded by over 100 million Android users.

CamScanner is an optical character recognition (OCR) app that takes high-quality photos of documents and allows users to create editable PDF files from photos of text. The free version of the app was available to download from the Google Play Store and was positively reviewed by users.

Earlier versions of the app did not contain malware. An update to the app included the malware dropper in the part of the app that deals with advertising.

Researchers at Kaspersky Lab identified a malicious module in the advertising library that downloaded a malware dropper called Trojan-Dropper.AndroidOS.Necro.n. Once executed, the Trojan extracts and runs a second malicious module stored in the app’s resources, which in turn downloads and executes another malicious module.

Kaspersky Lab found the app was subscribing users to services without their knowledge and users of the app were bombarded with invasive adverts. The app could potentially perform any number of other malicious actions.

Kaspersky Lab researchers believe the location of the malicious module makes it probable that a third-party advertising partner of CamScanner added it.

The malicious module was found in a recent version of the app but has since been removed. Google was notified of the malware harboured by the app, and the app was removed from the Google Play Store.

The paid-for version of the app does not contain the malicious code, because the code was in the third-party advertising library, which is only included in the free version of the app.

Kaspersky Lab researchers said the malicious module had also previously been added to apps that were pre-loaded on certain Chinese smartphones.

Kaspersky Lab investigated the app after users started posting strongly negative reviews, in contrast to the initial positive response. The researchers say their discovery shows that even legitimate apps with excellent online reviews and millions of users can go rogue overnight.

Some experts recommend that users complete a full anti-virus check of their phone once the app has been uninstalled, in case any malware has been installed on their device.