CC intelligence, the developer team behind the popular document-scanning app CamScanner, is said to be infecting Android phones with new malware embedded in one of its pieces of advertising code.
Kaspersky, a famous internet security firm from Russia, broke this news first after researching the app’s code. The team started noticing some negative reviews on the Play Store and began going through CamScanner’s ad SDKs.
A malicious component named “Trojan-Dropper.AndroidOS.Necro.n” is said to be connected with malware servers and was dropping malware onto users’ phones. This infected module is said to extract and run another malicious component from an encrypted file included in the app’s resources.
CamScanner has more than 100 million downloads and 1.8M reviews on the Google Play Store. After the finding was reported, Google removed the app from the Play Store, but it is still present in Apple’s App Store. Apple’s tough policies may have kept such things from happening.
Scanning docs with its “Optical Character Recognition” tech, CamScanner makes revenue by displaying ads and selling some in-app features.
Response from CamScanner:
After two days, the company responded on Twitter, saying that the malware detected by Kaspersky was real and was found in version 5.11.7 of the app. This malware, which is capable of producing unauthorized ad clicks, was supplied by one of their advertisement partners, called Adhoc.
Though that malware was present in their SDK, it has now been removed, and the company has released a new version, which is available from their official website.
(Malware-free latest version of the app – https://t.co/79tt0IrMdw)
Furthermore, they’ve assured users that their security check found no document leak, and they are now pursuing legal action against Adhoc.