If you have ever had a need to scan a document using your phone, you may have come across the CamScanner app. It is one of the popular document scanning applications that I have used a few times.
CamScanner has always worked as you would expect it to, but this all changed recently: researchers from Kaspersky Lab said that they found a malicious component within the application. According to Kaspersky, the module has been identified as a Trojan-Dropper that extracts and runs another malicious module from an encrypted file included in the app’s resources.
“This ‘dropped’ malware, in turn, is a Trojan-Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions,” the researchers said.
The researchers noted that CamScanner had been a clean app for years, with no malicious intentions. This changed with the recent update, which shipped with an advertising library containing the malicious module. Some users noticed a change in behavior and left negative reviews of the app on the Play Store, and this is how Kaspersky researchers picked it up. The researchers then reported their findings to Google, and the app was removed from the Play Store.
CamScanner's developers updated the app and have removed the malicious code. This is good, but according to Kaspersky, “versions of the app vary for different devices, and some of them may still contain malicious code.” The safe option is to just avoid this application and go for one of the many other free alternatives available on the Play Store, including Microsoft OneNote.
Before it was yanked from the Play Store, CamScanner had over 100 million downloads, so it is not just another unknown app whose developers want to make some quick cash. This leaves me wondering, what were the developers thinking? Did they really think they were going to get away with this?
Seeing a popular app like CamScanner being sketchy like this just shows you some of the challenges Google faces with its ecosystem.