If you’re using the free version of the CamScanner app, beware — researchers found a hidden Trojan Dropper module within the app.
CamScanner is a popular phone PDF creator app that has been downloaded more than 100 million times from the Google Play Store. Following a slew of bad reviews, researchers at Kaspersky analyzed the app further and found “that the developer added an advertising library to it that contains a malicious dropper component.”
Further analysis of the Trojan Dropper revealed that “owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.”
After Kaspersky reported its finding, Google removed CamScanner from its Play Store. And, although “it looks like the app developers got rid of the malicious code with the latest update of CamScanner,” researchers advise users that “versions of the app vary for different devices, and some of them may still contain malicious code.”
It is also worth noting that the paid version of the CamScanner app does not include the malicious module.