Malware in CamScanner android app
android app "CamScanner" (free version), which is a popular app with more than 100 million downloads on Google Play Store, has been known as a trojan malware by Kaspersky recently and has been removed from Google Play Store, after the Kaspersky report. The developers of this phone-based PDF creator app, recently has used an advertising library, containing a trojan inside, in the free version of the app. After the installation, this trojan acts as a downloader and downloads and installs another malicious app that allows the remote attackers to access the victim's android device. This trojan, named "Trojan-Dropper.AndroidOS.Necro.n" by Kaspersky, was also previously observed in some apps pre-installed on Chinese smartphones. The attackers can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.
The C&C server addresses used by the trojan are as follows:
It should be noted at the end that since the paid version of the CamScanner app doesn't include the 3rd-party advertising library and thus the malicious module, it is not affected and is still available on the Google Play Store.
Symptoms of infection
Displaying intrusive advertisements and increase in the bill costs
Methods of Clearing Mobile Infected
Uninstalling the "CamScanner" app and full scanning the infected device with a trusted and updated anti-malware software
Methods of Infection Prevention
The following recommendations can play a significant role in preventing the mobile phones from being infected by the above-mentioned malwares.
- Consider permissions required from the application to be installed
During installation of android applications, they request some permissions to be accepted by the user. It is very important to prevent installing, if it requires more permissions than needed; considering the functionality it provides (based on the developer's explanations about the application).
- Check the ratings and reviews about the application
Prior to installing any app, check its ratings and reviews. Focus on the negative ones, as they often come from legitimate users, while positive feedback is often crafted by the attackers.
- Install anti-virus software and update it periodically
In recent years, the widespread prevalence of malware and viruses on android mobile devices caused many problems for smart phone users, so installing an anti-virus program is one of the essentials to prevent the android devices to be infected and malwares to be spread.
also notice that always use a trusted and reliable anti-virus program and update it periodically to detect newly released malwares as soon as possible.