The document scanning application, very popular on Google Play, had integrated a new advertising library that in reality contained an encrypted component able to download and install malicious code on the smartphone.
The developers of CamScanner, a very popular Android application with over 100 million downloads, have suddenly lost all their karma. Until now adored for the quality of their document scanning application, they are now treated as pariahs. “You can not trust you anymore”, “You have failed”, “It’s disgusting”, “I want to be paid back”, “CamScanner? Rather CamScammer”… one can read on Twitter.
The reasons for this anger? Kaspersky’s security researchers discovered that the free Android app had recently integrated a new ad library, and that this library was actually a Trojan. An encrypted part of the module contained a “downloader” which, once activated, looked for other modules to install on the server abc.abcdserver[.]com. It could therefore install and execute arbitrary code on the smartphone, which is clearly malicious behavior.
A new version is available
Alerted by Kaspersky, Google removed the application from its online store. For its part, the publisher of CamScanner confirms that version 5.11.7 of its application contains an advertising module from the company AdHub which, among other things, “generates unauthorized advertising clicks”. “The injection of suspicious code violates CamScanner’s security policy! We will immediately take legal action against AdHub!”, insists the publisher, which already offers an updated version stripped of the library in question. To obtain it, however, you must go directly to the CamScanner site because it is not yet available on Google Play.
This story shows, in any case, that the security features implemented by Google are not very effective. On Google Play, the appearance of this new malware did not trigger any alert. And Google Play Protect, the on-device protection, did not notice anything either.
Google is trying to shield its Play store
The giant is evidently aware of these limitations. It has just announced an extension of its Security Reward Program, which allows security researchers to earn bounties for flaws found in the most popular applications (more than 100 million downloads). Google has also launched a new reward program. Called Data Protection Reward, it is intended for researchers who detect abuse in the processing of personal data in mobile applications or Chrome extensions.
Source: Kaspersky: https://www.kaspersky.com/blog/camscanner-malicious-android-app/28156/