Recent research from Internet security firm Kaspersky Labs has discovered malware in CamScanner – a popular app used by millions of people to scan documents, notes, receipts, etc. into PDF files. Interestingly, according to a blog post from Kaspersky Labs, CamScanner started out as a totally “clean” app and was not malware itself. It used ads as well as IAPs to generate income.

CamScanner is a popular app that allows its users to scan documents into PDF files

The issue, however, surfaced late last month with some versions of CamScanner. These versions allegedly came with an advertising library that contained a harmful module called “Trojan-Dropper.AndroidOS.Necro.n”. When left unchecked, it would extract and run an encrypted file in the app’s resources that would in turn download more malicious modules to the user’s device. Affected users reportedly experienced intrusive adverts, and many were signed up for paid subscriptions.

The app was flagged as containing malware by Kaspersky

The issue was present only in the Android version of CamScanner and there were no reports of iOS users getting affected. The app was removed by Google following this incident, but it made a return earlier this month in the form of an updated version, which is currently still available for download on Google Play. The developer of the app has explained on Twitter that it found no evidence of leaked document data and blamed a 3rd-party advertising software development kit provided by AdHub. For security purposes, though, CamScanner has temporarily removed all advertising SDKs.

The announcement found on the official Twitter page of CamScanner

Meanwhile, Google has been quietly changing its policies for putting new apps up on Google Play. Every newly submitted app will need at least 3 days before it can be approved, meaning one cannot simply publish an app instantly. However, this whole affair with CamScanner has led to a lot of concerns regarding the security of app updates.