CamScanner has acknowledged that a malicious module was present in the ad SDK of CamScanner version 5.11.7. The SDK was apparently provided by a third party named AdHub and was producing unauthorized ad clicks. The company says it will take immediate legal action against AdHub, as the injection of any suspicious code violates the company’s security policy. Additionally, after a ‘round of security investigation’, no evidence of any document leak has been found. CamScanner has apparently removed all advertising SDKs that are not certified by Google Play and is releasing a new version that can currently be downloaded from the company’s website.
— CamScanner (@CamScanner) August 28, 2019
There is a good chance that you know about the CamScanner app, which is available on both Android and iOS. The ‘Scanner to Scan PDFs’ app had over 100 million downloads before being booted from the Google Play Store. Researchers at Kaspersky Lab found malware in recent versions of the popular OCR (optical character recognition) app. The app was apparently being distributed with an ad library containing a malicious module, identified by Kaspersky researchers as ‘Trojan-Dropper.AndroidOS.Necro.n’. Reportedly, this particular malware module was previously spotted in some apps that came preinstalled on some Chinese smartphones.
The malware module was only seen in the Android version of the app, and it appears that the iOS version is still available on the App Store, probably due to Apple’s strict app vetting policies. As the Kaspersky blog notes, CamScanner was a very good app that provided remarkable functionality. It displayed advertisements to generate revenue, with varying options for in-app purchases and license purchases to remove the ads. However, the Trojan Dropper module found within the application is said to extract and run another malicious module from an encrypted file included in the app’s resources.
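A dropper that ships its payload as an encrypted file in the app's resources leaves a measurable trace: a resource file with near-random byte entropy and no recognizable file format. The following triage sketch is an added example, not code from Kaspersky or CamScanner; the 7.5 bits/byte threshold, the 4 KB size floor, the directory list and the sample file names are assumptions, and the sample APK is constructed in memory.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

KNOWN_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"RIFF", b"OggS", b"\x1f\x8b")
RESOURCE_DIRS = ("assets/", "res/raw/")  # assumed: where bundled data files usually live


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def suspicious_resources(apk_bytes: bytes, threshold: float = 7.5, min_size: int = 4096):
    """Return [(name, entropy)] for resource files that look encrypted."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.startswith(RESOURCE_DIRS) or info.file_size < min_size:
                continue
            data = apk.read(info)
            if data.startswith(KNOWN_MAGIC):  # legitimately high-entropy media/archives
                continue
            h = shannon_entropy(data)
            if h >= threshold:
                hits.append((info.filename, round(h, 2)))
    return hits


def build_sample_apk() -> bytes:
    """Constructed sample: a small zip laid out like an APK; blob imitates ciphertext."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8192)
        z.writestr("assets/help.html", b"<html><body>How to scan a page</body></html>" * 200)
        z.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n" + blob)
        z.writestr("assets/config.dat", blob)  # hypothetical name for the opaque file
    return buf.getvalue()


if __name__ == "__main__":
    for name, h in suspicious_resources(build_sample_apk()):
        print(f"{name}: {h} bits/byte")
```

A hit is a lead for manual review rather than a verdict: legitimate apps also bundle encrypted or compressed data, so the next step is checking which code loads the flagged file.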