Cyber-security researchers at Kaspersky claim to have found a hidden “Trojan Dropper module” within a popular Android app, CamScanner, turning the app into a malware of some sort. According to their report , the malware is found in the free version of CamScanner, a highly-popular PDF creator app with more than 100 million downloads on the Google Play Store.
The hidden Trojan Dropper was unearthed by Kaspersky following reports from many CamScanner users, who complained about suspicious behavior and left reviews on the app’s Google Play page with warnings to avoid it at all cost.
According to the researchers, the malicious module doesn’t actually reside within the CamScanner code, but is part of a 3rd-party advertising library that was recently introduced in the app.
Kaspersky says CamScanner was originally a legitimate app, but that changed with recent updates that shipped with an advertising library containing this malicious module.
It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser
To explain how a typical Trojan Dropper works, Kaspersky
said:
the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This ‘dropped’ malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment.
Even though CamScanner developers got rid of the malicious code with the latest update, Kaspersky is recommending that existing users uninstall it from their devices, irrespective of which version they are running. Also, Google has removed it from the Play Store following Kaspersky’s report.
What’s your take? Cancel reply