A few weeks back, CamScanner, the popular document scanning application, was removed from the Play Store after researchers at Kaspersky Lab said they found a malicious component within the application. According to Kaspersky, the module has been identified as a Trojan-Dropper that extracts and runs another malicious module from an encrypted file included in the app’s resources.
With the revelation by Kaspersky Lab, CamScanner was immediately removed from the Play Store but it is back now and hopefully the company has solved the problem. CamScanner has confirmed that the app is back on the Play Store and says that users should download the updated app, version 5.12.5 from the Play Store. The company has also urged iOS users to update the app but it is still not clear if they were affected in the first place.
CamScanner says that there is no evidence that data was leaked as a result of the malicious codes. It is still early to confirm this but the company may be right as there are no signs of any breach.
Before re-listing the app on the Play Store, CamScanner temporarily removed all advertising SDKs from the app. CamScanner blames the presence of the malicious code on a third-party advertising SDK provided by AdHub. The company said it was going to take legal action but it is not clear if it has done so yet.