Malware discovered in Google Play app with over 100 million downloads

midian182

TechSpot Editor
Staff member

Kaspersky researchers reported that the app in question was CamScanner, “a phone-based PDF creator that includes OCR (optical character recognition).”

The report notes that CamScanner was a legitimate app with no malicious intentions. Like other applications, the developers displayed ads and offered in-app purchases to make money. “However, at some point, that changed, and recent versions of the app shipped with an advertising library containing a malicious module,” write the researchers.

A “Trojan Dropper,” which Kaspersky Lab researchers named Trojan-Dropper.AndroidOS.Necro.n, was added to the app. It doesn't perform any malicious functions on its own but is used to download other types of malware, such as those that show intrusive ads, sign-ups for fake subscriptions, or ones that steal banking details. The Kaspersky team says this specific type of Trojan Dropper has been seen before “in some apps preinstalled on Chinese smartphones.”

Some users of the app had noticed the suspicious behavior and left reviews on Google Play warning others to avoid CamScanner. While it appears the developers got rid of the malicious code in the latest version, Kaspersky notes that versions of the app vary for different devices, and some of them may still contain malicious code.

Earlier this month, Google removed 85 adware-infested apps from the Play Store that had over eight million installs in total, and back in November last year, over 500,000 users installed malware-ridden apps from a single creator.


 

Kibaruk

TechSpot Paladin
I've been using it for a long time and never have seen any erratic behaviour of either the phone or my accounts. I did buy it when it was not subscription based :)

It might be a different version altogether, because on search I actually open it from the license downloaded app.
 

Liet Kynes

TS Rookie
Unacceptable. Fines and/or sanctions must come. How much money have they made with this app? And how much money have they received for shipping their app with this malware? Big fines or this will happen again.
 

Trillionsin

TS Evangelist
I've been using it for a long time and never have seen any erratic behaviour of either the phone or my accounts. I did buy it when it was not subscription based :)

It might be a different version altogether, because on search I actually open it from the license downloaded app.
It's been taken down, so if you can find your version in the play store it's not the same one.

On a somewhat related topic, it's a good practice to factory restore your phone every once in a while. I think we all download some questionable apps from time to time. I know I do when I'm searching for something oddly specific and there's just not much feedback or downloads to really decide on whether the app is going to be good or not, so I got to try it out myself.
 

Shadowboxer

TS Maniac
Android is absolutely riddled. If you’re hearing about breaches in the news it’s usually too late and that app will be gone from the store, or has been modified. It’s the apps you don’t know about that you should worry about.

I find it odd that Intel’s theoretical security breaches that have had 0 confirmed attacks and require huge amounts of specific circumstances and effort to pull off seem to cause vastly more outrage amongst the community than the very frequent dropping of a news story like this. It makes you wonder, how many people who left comments ranting about Intel’s security flaws did so from an Android device!
 

Markoni35

TS Maniac
That's exactly why Kaspersky is good. Most of the other companies are linked to the US government or the Israeli government. So it makes sense to have another opinion from a Russian company.

Because those related to US or Israel won't report any malware that is sending data to US/Israeli govts. They'll only report those that are sending data to the Chinese or Russians. In order to detect those that are sending data to US or Israel, you have to consult a Russian company. Diversity of information, that's how you calculate the average.
 

Raytrace3D

TS Addict
That's exactly why Kaspersky is good. Most of the other companies are linked to the US government or the Israeli government. So it makes sense to have another opinion from a Russian company.

Because those related to US or Israel won't report any malware that is sending data to US/Israeli govts. They'll only report those that are sending data to the Chinese or Russians. In order to detect those that are sending data to US or Israel, you have to consult a Russian company. Diversity of information, that's how you calculate the average.
That's a good point. I hadn't thought of it from that angle.
 

Nexusiii

TS Rookie
I've been using it for a long time and never have seen any erratic behaviour of either the phone or my accounts. I did buy it when it was not subscription based :)

It might be a different version altogether, because on search I actually open it from the license downloaded app.
I've used it for years too, without suspecting. Just ran a Malwarebytes and saw it had the trojan version. Uninstalled.