Kasperky researchers have found malware in the popular Android app CamScanner. The PDF creation application has been downloaded more than 100 million times, but it contained a trojan dropper via an infected ad library.
The researchers studied the app more closely after suddenly many negative reviews were written about it. The researchers say the application has always been a legitimate app that monetized itself through advertisements and in-app purchases. CamScanner allowed users to create PDFs from photos. Recently, the app added a new ad library that contained a module called Trojan-Dropper.AndroidOS.Necro.n.
Such a trojan dropper can be used to download other modules containing malware. As an example, the researchers cite a module with other, more aggressive advertisements, or a module that can sell the victim a paid subscription to an app. What the trojan dropper was used for in this particular case is unknown. Nor is it known whether CamScanner added the module on purpose or whether it happened by accident.
Google has temporarily removed the app from the Play Store after Kaspersky researchers contacted the company. Meanwhile, CamScanner has updated its app and removed the module itself from the app.