Home News Malware in CamScanner App affects Millions of Android Phones

Malware in CamScanner App affects Millions of Android Phones

Trickbot Malware

Security researchers found a Malware in the CamScanner, a phone-based PDF creator, Android application, which has over 100 million downloads from the Google Play Store.

According to security researchers Igor Golovin and Anton Kivva from Kaspersky, the Malware dubbed Trojan-Dropper Malicious Module was discovered in CamScanner Android apps that could inject Malicious codes into the mobile devices.

The researchers said that they found the malware after reading negative reviews on the CamScanner app posted by users. They also stated, “that the developer added an advertising library to it that contains a malicious dropper component.”

“Kaspersky researchers examined a recent version of the app and found the malicious module there. We reported our findings to Google, and the app was promptly removed from Google Play. It looks like app developers got rid of the malicious code with the latest update of CamScanner. Keep in mind, though, that versions of the app vary for different devices, and some of them may still contain malicious code,” Kaspersky said in a statement.

“Kaspersky products detect this module as Trojan-Dropper.AndroidOS.Necro.n, which we have observed in some apps preinstalled on Chinese smartphones. As the name suggests, the module is a Trojan Dropper. That means the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment,” the statement added.

However, this is not the first time to discover Malwares on Android smartphones. Recently, security researchers revealed an ongoing Android malware campaign dubbed ViceLeaker that has been active since 2016. According to the researchers from Kaspersky, a hacker group has been found targeting Israel’s citizens and other Middle East countries with surveillance malware named Triout.

The malware is designed to steal sensitive information, including call recordings, text messages, photos, videos, and location data without users’ knowledge. Apart from spying features, the malware also has backdoor capabilities, including upload, download, delete files, record surrounding audio, takeover camera, and make calls or send messages to specific numbers, according to the researchers. The researchers said that attackers used Smali injection technique, that allows hackers to disassemble the code of an original application and add malicious code.