There's trouble brewing in the Google Play Store... again. This time the threat comes from CamScanner, which for quite some time has been a popular app that allows Android users to create PDF documents using optical character recognition (OCR) technology. The app was developed by Chinese firm CC Intelligence.
However, in recent weeks, it appears that CamScanner has taken a turn for the worse, and has unleashed a malware campaign on unsuspecting Android users. CamScanner had previously used in-app ads and in-app purchases for its monetization efforts, but recent versions of the app have included a new advertising library tainted with a trojan. The malicious module has been identified as Trojan-Dropper.AndroidOS.Necro.n, and is what's called a Trojan Dropper. It serves as a gateway of sorts to deliver malware onto a user's smartphone.
“The above-described Trojan-Dropper.AndroidOS.Necro.n functions carry out the main task of the malware: to download and launch a payload from malicious servers." writes Kaspersky Lab, who first brought widespread attention to CamScanner's latest exploits. "As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.”
CamScanner has been downloaded a total of 100 million times since it was initially released, and there's probably a good chance that you might have stumbled across the app at some point -- or maybe even installed it.
Attention was brought to CamScanner after users begin leaving numerous negative reviews for the app complaining about the "presence of unwanted features" and obnoxious advertisements being presented on the screen.
Google was notified about CamScanner's turn to the dark side, and it for now has been banished from the Play Store. For those that already have the app installed, now might be a good time to delete the app and run far away from any other apps developed by CC Intelligence.