Malware Found in CamScanner Android App With 100+ Million Users

whitestar_999

Super Moderator
Staff member
Source: WARNING — Malware Found in CamScanner Android App With 100+ Million Users
Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using the free version of CamScanner, a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store.

So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store.

Unfortunately, CamScanner has recently gone rogue as researchers found a hidden Trojan Dropper module within the app that could allow remote attackers to secretly download and install malicious programs on users' Android devices without their knowledge.

However, the malicious module doesn't actually reside in the code of CamScanner Android app itself; instead, it is part of a 3rd-party advertising library that recently was introduced in the PDF creator app.

Discovered by Kaspersky security researchers, the issue came to light after many CamScanner users spotted suspicious behavior and posted negative reviews on Google Play Store over the past few months, indicating the presence of an unwanted feature.

"It can be assumed that the reason why this malware was added was the app developers' partnership with an unscrupulous advertiser," the researchers said.

The analysis of the malicious Trojan Dropper module revealed that the same component was also previously observed in some apps pre-installed on Chinese smartphones.

"The module extracts and runs another malicious module from an encrypted file included in the app's resources," researchers warned.
"As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions."

Kaspersky researchers reported their findings to Google, who promptly removed the CamScanner app from its Play Store, but they say "it looks like app developers got rid of the malicious code with the latest update of CamScanner."

Despite this, the researchers advised users to just keep in mind "that versions of the app vary for different devices, and some of them may still contain malicious code."

It should be noted that since the paid version of the CamScanner app doesn't include the 3rd-party advertising library and thus the malicious module, it is not affected and is still available on the Google Play Store.

Although Google has stepped up its efforts to remove potentially harmful apps from Play Store in the last few years and added more stringent malware checks for new apps, legitimate apps can go rogue overnight to target millions of its users.

"What we can learn from this story is that any app — even one from an official store, even one with a good reputation, and even one with millions of positive reviews and a big, loyal user base — can turn into malware overnight," the researchers concluded.

Therefore, you are strongly advised to always keep a good antivirus app on your Android device that can detect and block such malicious activities before they can infect your device.

In addition, always look at the app reviews left by other users who have downloaded the app, and also verify app permissions before installing any app and grant only those permissions that are relevant for the app's purpose.

For more technical detail about the Trojan Dropper malware found in CamScanner and a full list of its indicators of compromise (IOCs) including MD5 hashes and its command and control server domains, you can head on to Kaspersky's report.
 

whitestar_999

Super Moderator
Staff member
I don't think that has been revealed, but as per "Malicious Android app had more than 100 million downloads in Google Play":
It looks like app developers got rid of the malicious code with the latest update of CamScanner. Keep in mind, though, that versions of the app vary for different devices, and some of them may still contain malicious code.
So better play safe & use some alternative for a few weeks/month.
 

SaiyanGoku

kamehameha!!
I'm using version 5.11.3.20190614 (June 15 build) and have host level adblock enabled.
However, the malicious module doesn't actually reside in the code of CamScanner Android app itself; instead, it is part of a 3rd-party advertising library that recently was introduced in the PDF creator app.
Would block it from network access as well.
 

whitestar_999

Super Moderator
Staff member
Btw never understood popularity of such software, I mean they can never match a traditional scanner with flatbed scanning so why not just take a high resolution pic.
 

SaiyanGoku

kamehameha!!
It crops, enhances and skews the images to look like they have been scanned via a traditional scanner. Results are good enough. Not everybody has a hardware scanner at their disposal and even if they do, this ends up as the faster option.
 

rhitwick

Democracy is a myth
Btw never understood popularity of such software, I mean they can never match a traditional scanner with flatbed scanning so why not just take a high resolution pic.
Dude! The app is quite good.

While switching to my current job, I used this app to scan my documents.
Was accepted without issue!
 

whitestar_999

Super Moderator
Staff member
Dude! The app is quite good.

While switching to my current job, I used this app to scan my documents.
Was accepted without issue!
I know, I have used it but I found out that for my needs just taking a high resolution pic from main camera was good enough. I have a traditional all-in-one scanner at home so only use phone for casual scans where camera works equally fine.
 

Zangetsu

I am the master of my Fate.
I know, I have used it but I found out that for my needs just taking a high resolution pic from main camera was good enough. I have a traditional all-in-one scanner at home so only use phone for casual scans where camera works equally fine.
Camscanner got so popular like whatsapp for ease of use.
And the quality of document it scans looks exactly like scanned from a Scanner machine. You won't notice a difference. Plus the multiple filter options make it a very good handy app.

Hmm, but was very much dependent on CamScanner

What are good or at par alternatives?

*play.google.com/store/apps/details?id=com.appxy.tinyscanner&hl=en
 

maheshn

Journeyman
Update: only some versions of camscanner are infected. There is a detailed list available at:

CamScanner booted from Play Store after discovery of malicious code

Also clean APKs are available at APKMirror if you are comfortable with manual install.

I removed the version on my phone, said July 30 version and wouldn't update, with the latest one.

As a bonus, the full screen ads seem to have gone away....
 

billubakra

Conversation Architect
I am using the 2013-2014 version with permission to use data in the background revoked. It does the job fine as per my requirement. Is there any new feature in the new versions?
 

billubakra

Conversation Architect
Btw never understood popularity of such software, I mean they can never match a traditional scanner with flatbed scanning so why not just take a high resolution pic.
Bro use it once, not everyone can afford a good traditional scanner. Moreover it is portable.
 

whitestar_999

Super Moderator
Staff member
I have used it (see above) but found out taking pic with main camera of my mobile with inbuilt cropping tool is good enough for some casual use.
 

Zangetsu

I am the master of my Fate.
I have used it (see above) but found out taking pic with main camera of my mobile with inbuilt cropping tool is good enough for some casual use.
But from Camera you will have to adjust the white balance and filters to make it look like a scanner image.
CamScanner does it quite well with ease, so no hassles. That's why people prefer to use it.
 

whitestar_999

Super Moderator
Staff member
For my usage it was not necessary for image to "look like scan", I simply copy-pasted image in word document & used pdf print feature.
 

meetdilip

Computer Addict
Office Lens from Microsoft which I use will create flat bed scan like images even from distorted angle scans. There will be some lack of accuracy, but in the end, you will find the result quite satisfactory.
 