Malware Discovered in Popular CamScanner App!

latest cyber threats

Security researchers have discovered malware in the free version of CamScanner app allowing attackers to remotely hijack your android device.

CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on the google play store

Security researchers at Kaspersky labs spotted a hidden trojan dropper module within the app which allows remote attackers to remotely download and install malicious payloads without any user interaction.

The malicious module was found hidden a 3rd-party advertising library which was recently introduced in the app.

Researchers discovered the issue after many CamScanner users spotted suspicious behaviours and posted negative reviews on the Google play store for the past few months.

“After analyzing the app, we saw an advertising library in it that contains a malicious dropper component. Previously, a similar module was often found in preinstalled malware on Chinese-made smartphones. It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser.” said in the analysis published by Kaspersky researchers.

A malicious component named as Trojan-Dropper.AndroidOS.Necro.n. was discovered and reported to Google and was removed from the Google play store. 

Researchers also noted they found the same module in some apps preinstalled on Chinese smartphones

The module extracts and executes another module from an encrypted file included in the app’s resources.

“This “dropped” malware, in turn, is a Trojan-Downloader that downloads more malicious modules depending on what its creators are up to at the moment.”

Researchers notified Google and developers about the malware and the app was removed from the google play store. 

The developers also removed the malicious code from the app in the latest update.

Researchers also advised that versions of the app may vary for different devices, and some of them may still contain malicious code.

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin, and Twitter.

You may be interested in reading: New Ransomware named eCh0raix Targets QNAP NAS Devices

Comments

Please rate this content