Be cautious! Attackers can distantly take control your Android device and steal the data stored on it if you are using the free version of CamScanner, a highly-popular Phone PDF creator app with 100+ million downloads on Google Play Store. So, be secure, and just uninstall the CamScanner app from your Android device, as Google has already removed the app from its official Play Store.
Regrettably, CamScanner has just gone rascal as researchers found Trojan-Dropper.AndroidOS.Necro.n – a hidden Trojan-Dropper module within the app that could permit remote attackers to secretly download and install malicious software on the Android devices of individuals without their knowledge.
Moreover, the malicious module doesn’t reside in the code of CamScanner Android app itself; instead, it is a third-party advertising library that was recently introduced in the PDF creator app.
CamScanner individuals marked distrustful behavior
Exposed by Kaspersky security researchers, the issue came to light after many CamScanner individuals marked suspicious behavior and posted the negative reviews on Google Play Store over the past few months, indicating the presence of an unwanted feature.
Kaspersky researchers report its findings to Google, who punctually eliminated the CamScanner app from its Play Store, but they say “it looks like that the app developers got free of the malicious code with the latest update of CamScanner.”
“It can be understood that the reason why this malware was added was the partnership of add developers with the corrupt advertiser,” the researchers said.
The study of the malicious Trojan-Dropper module exposed that the same component was observed in some apps pre-installed on smartphones.
In spite of this, the researchers advise individuals to keep in mind that versions of the app vary for different devices, and some of them may still contain malicious code.
The paid version of the Cam Scanner
It should be well-known that the paid version of the CamScanner app doesn’t include the third party advertising library and thus the malicious module is not affected and it is still available on the Google Play Store.
Although Google has stepped up its efforts to eliminate the potentially harmful apps from Play Store in the last few years and added more rigorous malware checks for legitimate apps, new apps, and can go rascal overnight to target millions of its individuals.
Best antivirus app on your Device
Therefore, you are vigorously advised to keep a good antivirus app on your Android device that can block and detect malicious activities before infecting your device.
Moreover, always look at the app reviews left by other individuals who have downloaded the app, and also verify the app permissions before installing any app and grant only those permissions that are pertinent for the app’s purpose.