The CamScanner app was published by CC Intelligence, a company based in Shanghai which specializes in optical character recognition – aside from the CamScanner app that features this tool, it also has created apps that capture text from business cards.
The CamScanner was downloaded over 100 million times from the Google Play store and has been present among its offers ever since 2010. It made revenue from ads and in-app purchases but, according to the researchers from Kaspersky, a Russian anti-virus firm, some recent versions of the app also backpacked something else: a Trojan that infected Android devices with malware.
The Trojan makes an appearance when the app is run and “executes the malicious code contained in the mutter.zip file in the app resources.” It was detected under the name Dropper.AndroidOS.Necro.n and it launches “a payload from malicious servers” which basically translates into intrusive ads but also another, more harmful action which signed up the users for paid subscriptions.
The Trojan connected to the user’s server and downloaded the additional code.
Kaspersky begun to investigate the app after a number of negative reviews started popping up, which was red flag, considering the app had, at that time around 1.8 million, generally positive, reviews.
The firm notified Google about the situation which swiftly pulled it from the Google Play Store. Kaspersky later noted that the app developers also managed to remove the malware via a few more recent updates.
“What we can learn from this story is that any app — even one from an official store, even one with a good reputation, and even one with millions of positive reviews and a big, loyal user base —can turn into malware overnight.” The researchers at Kaspersky said. “Every app is just one update away from a major change.”
At the time this article is being written, CC Intelligence has not made any comments concerning the situation.