[Update 2: Back in Play Store] CamScanner app caught injecting malware on Android devices
Uninstall recommended for affected versions
If you frequently work with text documents, you have very likely used CamScanner in the past or are using it now. CamScanner has been around since the very early days of Android, presenting itself as a way to use the camera on your smartphone as a document scanner. The app allows users to digitize paper documents, then auto-crops the image and enhances its quality. It also has features for batch scanning multi-page documents. These features combined to give the app more than a million installs through the Play Store despite the fairly niche nature of its use. However, CamScanner has now been caught injecting malware on the phones of its users, forcing Google to remove the app from the Play Store.
Security researchers from Kaspersky investigated CamScanner — Phone PDF creator after the app started receiving a host of negative user reviews within a month, indicating the presence of “unwanted” features. Upon analyzing the app, the researchers found that it used an advertising library containing a malicious dropper component called Trojan-Dropper.AndroidOS.Necro.n. When the app is run, the dropper decrypts and executes malicious code that downloads additional modules. This modus operandi allows the bad actors to use the infected device in any way that benefits them, ranging from showing intrusive advertisements to stealing money by charging paid subscriptions.
After Kaspersky reported their findings to Google, Google promptly removed CamScanner from the Play Store. As of writing this, the main CamScanner app is not available to download to any device, though you can still view its Play Store listing from a browser. Android Police conducted its own tests and concluded that the versions uploaded in August 2019 are free of malware, but the versions released from June 16, 2019, to July 25, 2019, all contain the malware.
The versions with the malware are listed below:
- June 17, 2019: 18.104.22.16890616 – unsafe
- June 25, 2019: 22.214.171.12490624 – unsafe
- July 10, 2019: 126.96.36.19990708 – unsafe
- July 10, 2019: 188.8.131.5290710 – unsafe
- July 23, 2019: 184.108.40.20690723 – unsafe
- July 25, 2019: 220.127.116.1190725 – unsafe
Versions below 18.104.22.16890614 as released on June 15, 2019, and versions beyond 22.214.171.12490730 as released on August 1, 2019, do not contain the malware, so these can be safely used if you still absolutely need to. However, we strongly recommend uninstalling CamScanner and using other alternatives. Google Photos has been working towards document management features, but you can also try out more feature-rich document scanners available on the Play Store. Hopefully, they can replicate CamScanner’s functionality without replicating the advertising library used.
Update 1: Statement
CamScanner has issued the following statement:
Download the updated version (5.12.5) of CamScanner below.
Update 2: Back in Play Store
With little fanfare, CamScanner has returned to the Play Store after an ad library the app was using was caught injecting malware. The latest version is 126.96.36.19990916. You can download it from the Play Store or APK Mirror. With the previous incident in mind, we assume Google has thoroughly tested the app.
Via: Android Police