CamScanner app affected by Trojan Dropper malware, has over 100 million downloads

Notably, the malware has only been found in the Android version of the app.


There are high chances that you are a user of the CamScanner app, and if not, you must have at least heard of it. CamScanner is a popular ‘Phone PDF Creator’ or ‘Scanner to Scan PDFs’ app, it is available on both Android and iOS, and has over 100 million downloads on Play Store alone. However, the app has now been booted from the Android app store.

Researchers at Kaspersky Labs found malware in the recent version of the app. This malware was harbouring an advertising library containing a malicious module which was identified as "Trojan-Dropper.AndroidOS.Necro.n.".

CamScanner app affected by Trojan Dropper malware, has over 100 million downloads

The CamScanner app is currently unavailable on Google Play Store.

Basically, the Trojan-Dropper malware found within the app was apparently extracting and running another malicious module from an encrypted file included in the app’s resources.

“This “dropped” malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions,” the Kaspersky blog notes.

Notably, the malware has only been found in the Android version of the app. The iOS app is still up and running on Apple's App Store.

At the time of writing the story the CamScanner app was not available on the Play Store. Although Kaspersky notes that the developers of the app have already fixed the issue in the latest update of the app. However, in case you haven't received the latest update or if your device isn't compatible with it, it's best you uninstall the app for the meanwhile.