Researchers found a trojan dropper hidden within the Android app CamScanner. CamScanner is an app available in the Google Play Store that scans documents using the Android device’s camera. With over 100 million downloads, the app has become extremely popular. Originally, CamScanner was a legitimate Android app that used in-app purchases and ad-based monetization. At some point (exactly when is unclear), the app’s advertising library was updated with a malicious module. The module, dubbed Trojan-Dropper.AndroidOS.Necro.n, is a trojan dropper that compromises Android devices and allows attackers to infect them with a host of other malware. Some of the malware that has been found can display intrusive advertising, steal money from accounts stored on the device, and sign victims up for paid subscriptions without their input. After the researchers notified Google of the malicious payload, Google removed the app from the Play Store. CamScanner has subsequently released an update that removed the vulnerability.