Android app with more than 100 million downloads spread malware

The CamScanner app for Android included a so-called Trojan Dropper, a module that installed malware on infected devices. The Trojan Dropper was implemented in the app in an advertising library.

Ars Technica reports that CamScanner was a perfectly normal app for most of its lifespan. Among other things, it made it possible to scan and manage documents. At a certain point, however, an update was rolled out, as a result of which the advertising library with malignant module ended up on smartphones. This allows cybercriminals to perform all kinds of malicious activities on smarpthones.

Kaspersky researchers discovered the malicious use of the app. The Trojan Dropper was named Trojan-Dropper.AndroidOS.Necro.n. In a blog post Kaspersky gave more information. “The Trojan-Dropper.AndroidOS.Necro.n features described above perform the main task of the malware: to download and launch a payload from malicious servers. As a result, the owners of the module can use an infected device to their own advantage, from showing intrusive advertising to the victim to stealing money from their mobile account by charging paid subscriptions.”

Apps on Google Play not sufficiently checked

Ars Technica notes that the discovery means that it remains uncertain whether apps on Google Play are safe. If an app with malware like this can slip through security, this can happen more often. Kaspersky researchers reported in their report that user reviews give a good indication of whether or not you are going to download an app. Other users can then give an indication of the safety and/or user-friendliness of an application.

It is also advised to pay close attention to which permissions an app requires. Among other things, access to the microphone, camera, contacts and location of the smartphone is often requested. However, sometimes apps use it for entirely legitimate reasons, so Android users are never entirely certain.