Hidden malware has been discovered in popular phone-based PDF creator Android app CamScanner, cybersecurity firm Kaspersky warned in a blog post. It claimed that the app was removed from the Play Store after the finding was reported to Google.
Kaspersky detected something called the Trojan-Dropper.AndroidOS.Necro.n module in recent versions of CamScanner, which can potentially download more malicious modules on a user’s device without them knowing about it.
The firm goes on to say that CamScanner was a legitimate app with no malicious intentions initially, but that that changed at some point as recent versions of the app contain advertising library with a malicious module. The Trojan-Dropper.AndroidOS.Necro.n, as per the firm, was also detected pre-installed on some apps on Chinese smartphones.
“As the name suggests, the module is a Trojan Dropper. That means the module extracts and runs another malicious module from an encrypted file included in the app’s resources,” the post read. CamScanner reportedly has over 100 million downloads in Google Play. Though the malicious code is said to have been removed in the latest version, there still may be some versions of the app that still contain the code.
“This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions,” the post read,” it added.