Android: app with 100 million downloads hides a virus

Kaspersky researchers have discovered a dangerous virus inside CamScanner, an app downloaded more than 100 million times.

Another infected app has slipped past the Google Play Store's antivirus checks, and this time it is a very famous one: CamScanner, an application that turns your smartphone's camera into a document scanner and has more than 100 million installations.

Kaspersky Lab researchers discovered a Trojan dropper (i.e. code used to download viruses to a device), called Trojan-Dropper.AndroidOS.Necro.n, inside the app. Fortunately, the virus is already known to the main antivirus software. The researchers turned their attention to CamScanner after negative reviews of the app, previously highly appreciated by users, increased dramatically in recent months. Google has removed CamScanner from the Play Store, but the episode has reinvigorated controversy over the security of the store, which, despite theoretically having security checks for published apps, too often lets infected software through, allowing users to download and install it.

How Trojan-Dropper.AndroidOS.Necro.n works

The module dubbed Trojan-Dropper.AndroidOS.Necro.n is a Trojan dropper, a variety of malware used to download and install a Trojan downloader on already compromised Android devices, which can then be used to infect smartphones or tablets with other malware. Basically, it is the piece of code that initiates the infection by downloading the actual viruses. When the CamScanner app is launched on the Android device, the dropper executes the code stored in a compressed ZIP file. The consequences can be very serious, as Kaspersky explains: "Module owners can use an infected device to their advantage in any way they see fit, from intrusive advertising to the victim to stealing money from the mobile account by subscribing to paid services."
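A defender-side triage check for the behaviour described above, as an added example (not code from Kaspersky or from the original article): it lists DEX bytecode found inside archives nested in an APK, identifying files by magic bytes rather than by extension. It assumes the nested archive is stored unencrypted; the function names and the sample APK are constructed for illustration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"   # local file header of a ZIP archive
DEX_MAGIC = b"dex\n"        # start of Android DEX bytecode


def find_embedded_code(apk_bytes, max_depth=2, max_size=50 * 1024 * 1024):
    """Return paths of DEX files that sit inside archives nested in an APK."""
    findings = []

    def walk(data, prefix, depth):
        try:
            archive = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return
        with archive:
            for info in archive.infolist():
                if info.is_dir() or info.file_size > max_size:
                    continue
                try:
                    body = archive.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue  # encrypted or damaged entry: needs manual review
                path = prefix + info.filename
                # Identify content by magic bytes, not by file extension.
                if depth > 0 and body.startswith(DEX_MAGIC):
                    findings.append(path)
                elif depth < max_depth and body.startswith(ZIP_MAGIC):
                    walk(body, path + "!/", depth + 1)

    walk(apk_bytes, "", 0)
    return findings


def build_sample_apk(with_payload=True):
    """Constructed sample: an APK-like ZIP, optionally carrying a nested archive."""
    dex = b"dex\n035\x00" + b"\x00" * 32
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", dex)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", dex)  # the app's own code, not flagged
        if with_payload:
            z.writestr("assets/data.bin", inner.getvalue())  # no .zip extension
    return outer.getvalue()


if __name__ == "__main__":
    print(find_embedded_code(build_sample_apk()))
```

Legitimate apps also ship nested archives, so a hit is a lead for manual review rather than a verdict.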

Too many viruses on the Play Store?

The discovery of this Trojan dropper inside such a popular and successful app reopens the controversy over Play Store security. In August alone, to name the most recent cases, 33 infected apps (downloaded a total of 100 million times) were discovered on the Play Store, as well as an open-source malware called AhMyth that, despite being known for years, was found inside two music apps.

CamScanner: the updated version arrives

The developers of CamScanner have released a statement saying that they have removed the virus from the application's code. In a few days it will be available again on the Google Play Store.