Kaspersky discovers a Trojan horse in the Android app CamScanner, downloaded 100 million times



Very popular, CamScanner application was removed from Google Play after the discovery of an injector to insert malicious code in smartphones.If you were an Android user of CamScanner, the application that allows you to scan, store and share different content in PDF or JPEG via your smartphone, do not be surprised to no longer have access to it. No longer available on the Google Play Store after the Kaspersky experts report, the application published by INTSIG Information included ads containing malicious code.

The tile, for an application to 100 million downloads

More than a tile, it's a true disillusion for developers of CamScanner. If they can console themselves by being always present on the App Store, being ejected from Android should not be easy to cash. The application totalized over 100 million downloads since his arrival on the Play Store in 2010, before the security researchers from Kaspersky do not go through there.
The specialists have indeed discovered a dropper (a trojan that introduces and installs the malware) which allowed to remotely deposit a malicious downloader on the device, thanks to an encrypted file hidden in the CamScanner code.

After its activation, it allowed the download of malicious files on the mobile of the user.

Intrusive ads and subscriptions to subscriptions without user agreement

Affected users were, for example, disturbed by intrusive ads and found have subscribed without their knowledge to paid services. On Twitter, CamScanner developers acknowledged that the app had hosted an ad module from the company AdHub, which generated unauthorized ad clicks. " We will immediately take legal action against AdHub "Says the publisher whose application remains available on its official website.

Regarding the origin of the problem, the search for security Igor Golovin, Kaspersky, has his idea on the question: " It's not often that we see an application with a loyal user base and so many installations distributing malicious components. Given the positive comments on the Google Play app page and the fact that security researchers had not detected malicious activity before, it seems that Malicious modules have been added to the application via an update. This case recalls the importance for consumers of protect their devices, even if they download their applications through the official stores ". QED.

Source: Press release

Source link


Please enter your comment!
Please enter your name here

fourteen + four =