Contact us: +91 9010449276 | Email Us: [email protected]
Alert! Camscanner app with 100 million downloads removed from google playstore due to trojan affected ads.

Alert! Camscanner app with 100 million downloads removed from google playstore due to trojan affected ads.

Hey, guys still you are using camscanner. Delete it right now because your android device gets breached your data by malware.

Google play store actively cleaning and updating playstore security policies and also they are patching the breaches from malware ads, malware attacks, and trojan injections.  But despite the vigilant approach, some malware loaded apps are detected from time to time and are patched and booted off the app repository after raking in a tonne of downloads. The latest app to get booted from the Play Store is CamScanner, an app that converts photos of documents into PDF format and is relatively popular among users and top-rated android app, nearly it has 100 million downloads from playstore. CamScanner was found to contain malware that could seed ads and prompt users into signing up for paid services.

The resource-linked module, that is additionally known as a “dropped” module, was found to be a Trojan downloader that downloaded even a lot of harmful modules. After that, it might depend upon however a malicious party intends to use these modules. One attainable use case situation is that such a malicious module will show intrusive ads and sign-on users for paid services. within the case of CamScanner, which has over a hundred million downloads, some users found the app’s incomplete behavior and denote reviews on the Play Store with the intention of preventing them from downloading CamScanner.

Kaspersky researchers recently detected malware in an app called CamScanner, a phone-based PDF creator that includes OCR (optical character recognition) and has more than 100 million downloads in Google Play Store. Various resources call the app by slightly different names such as CamScanner — Phone PDF Creator and CamScanner-Scanner to scan PDFs. CamScanner’s recent versions shipped with an advertising library containing a malicious module. The malicious Trojan-Dropper module, which has been identified as “Trojan-Dropper.AndroidOS.Necro.n”, has previously been observed in some Chinese apps as well. What this module did is it extracted and ran another malicious module from an encrypted file that is found in the app’s resources.

Once the Kaspersky researchers understood that the advertising dropper in a recent version of the CamScanner app, they reported it and the app was promptly removed from the Play Store. It was also observed that the developers behind CamScanner got rid of the module in the latest version of the app. But since different phones might be running different versions of the app, some of which might contain the malicious code in its resource files, it is better to uninstall the app and download it again only when it is back on the Play Store after due verification.
Camscanner responded after removed app from playstore


After CamScanner app was removed from the playstore. Camscanner has acknowledged that a malicious module was present in the advertisement SDK of CamScanner latest version 5.11.7. The SDK was relatively provided by a third-party called AdHub and was making unauthorized ad clicks. The company decided that it will take immediate legal action against Adhub since the injection of any suspicious code violates the company’s security policy. Additionally, no evidence of any document leaks has been found after ’rounds of security checks.’ CamScanner has relatively removed all the ad SDKs that are not certified by Google Play and is releasing a new version that can be currently downloaded from the company’s website.

There’s a good chance that you know about the CamScanner app, which is available on both Android and iOS. The ‘Phone PDF Creator’ or ‘Scanner to Scan PDFs’ app had over 100 million downloads, before being booted from the Google Play Store. Researchers at Kaspersky Labs found malware in the recent versions of the popular OCR (optical character recognition) app. It was apparently harboring an advertising library containing a malicious module that the Kaspersky researchers identified as ‘Trojan-Dropper.AndroidOS.Necro.n.’  As per the report, this particular malware module was previously spotted in a few apps that came preinstalled on some Chinese smartphones. 

The malware module was spotted only on the Android version of the app and it seems like its iOS version is still available on the App Store, probably because of Apple’s strict app vetting policies. As the Kaspersky blog notes, CamScanner was a pretty good app that offered notable functionality. While it displayed ads for generating revenue, there were options for in-app purchases and buying a License separately for eliminating ads. However, the Trojan-Dropper module found within the app is said to extract and run another malicious module from an encrypted file included in the app’s resources.

For more latest updates and articles please visit our website and social media Twitter, Linkedin and facebook. Please subscribe to our newsletter.


Close Menu