Malware Found in Android App with 100M Users

CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.

CamScanner, an Android app commonly used to scan and organize electronic documents, was found to contain malicious components to download malware onto infected Android devices.
The PDF creator is legitimate and has been downloaded more than 100 million times, Kaspersky Lab researchers report, noting recent reviews indicated unwanted features. CamScanner relied on ads and in-app purchases to make money. At some point, things changed, and analysis shows the app was updated with an advertising library containing a malicious dropper component.
Researchers
call
the dropper Trojan-Dropper.AndroidOS.Necro.n. When CamScanner is run, the module extracts and runs a payload from an encrypted file in the apps resources. This dropped malware, they explain, can download more malicious code. As a result, the modules owners can use an infected device any way they want; for example, they could push false advertisements to the screen or charge victims paid subscriptions to benefit from financial gain.
When Kaspersky Lab researchers analyzed a recent version of the app and found the malicious module, they reported their findings to Google, and CamScanner was removed from Google Play. While it seems the apps developers removed the malicious code in the latest update, researchers warn that versions of the app vary from device to devices, and some may still contain the malware.
These findings highlight that any app, even a legitimate one from an official store with positive reviews, can be updated to contain malware. Even Google cant thoroughly scan the millions of apps in the Play store and, as a result, malware can slip through the cracks and end up in apps that have been vetted.
Read more details
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
The Right to Be Patched: How Sentient Robots Will Change InfoSec Management
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Malware Found in Android App with 100M Users