CamScanner PDF creator on Android contained malware; delete it ASAP

Written 9 months ago by IanDorfman

In a rare example of an app available for download on the Google Play Store flat-out containing malware, CamScanner was discovered to have a “Trojan Dropper” present in versions dated from June 16th to June 30th (when it was removed). If you haven't updated the app since around June, delete it as soon as possible. Even if you have, it's still highly recommended to use an alternative.

CamScanner’s malware first appeared in the June 16 update of the app (version 5.11.3.20190616), and persisted through the app’s June 25 update (version 5.12.0.20190725). It was removed starting with the June 30 app update (5.12.0.20190730). This means that if you downloaded the app at any point in that range of dates and haven't updated it since, you're very likely at risk.

According to a report by Kaspersky, an advertising module called Trojan-Dropper.AndroidOS.Necro.n was present during that date range. This module could extract a trojan downloader that could potentially download even more malware depending on the whims of the developers.

Though the latest version of CamScanner has seemingly removed the malicious code, the fact that it was ever present demonstrates a clear betrayal of trust, meaning that it cannot and should not be trusted. To ensure security and transparency, AlternativeTo recommends an open source alternative in this case, such as Open Note Scanner.

Further coverage:
Kaspersky official blog
Android Police
BleepingComputer
Lifehacker
The Next Web