Google Play removes CamScanner application for hosting malware

The Google Play software platform has removed the application to create PDF documents from the CamScanner mobile due to the presence of malware hosted in its advertising library that shows ads intrusively.

CamScanner, an application that exceeded 100 million downloads on Google Play, was originally a legitimate application. However, it introduced in its code for Android a Trojan that infects users’ mobiles, as explained by the cybersecurity company Kaspersky in a statement.

The application, which offered features such as optical character recognition, was initially monetized through a “freemium” model with ads and also allowed purchases through internal payments for premium services.

At some point, it incorporated a malicious module, known as Trojan-Dropper.AndroidOS.Necro.n that has already been found previously in factory smartphones produced in China. It is a Trojan virus hosted in the code of the ad library that infected users’ devices.

The Trojan module used a download software that was also included in the application – although encrypted – that it later used to download more malware, which could vary according to the creators’ intentions.

This malicious code was used for functions such as showing users intrusive ads to subscribe to premium services, as some people had already begun to report on the CamScanner page on Google Play through their ratings.

Kaspersky informed Google about the presence of malware and the company has removed it from Google Play. According to the cybersecurity company, the application developers have already removed the malicious module from their code in the latest updates.

Source: dpa