100+ million users installed this PDF creator app with dangerous malware from Google Play

apps on phone
Smartphone apps Pixabay

In recent weeks the android users were constantly informed about threatening malware which they unknowingly allowed in the system by downloading a series of apps which were available in Google Play. Recently, Kaspersky researchers detected malware in an app, which is a phone-based PDF creator and has more than 100 million downloads in Google Play.

The Russia based cybersecurity company, Kaspersky reported that their researchers found the malware in the highly popular app called CamScanner, which is a PDF creator that includes OCR (optical character recognition).

It should be noted that some of the CamScanner app users have spotted suspicious issues. They also left warnings in the review section of Google Pay to let others aware of such malicious activities.

Later, when the researchers from Kaspersky analysed the recent version of the app they noticed that it has a malicious module. Soon after the finding, they reported this issue to the tech giant Google, the app was "promptly removed" from Google Play.

It is important to know that CamScanner was "a legitimate app," it previously had no malicious intentions. As per the researchers from the cybersecurity company, the app used advertisements for monetization and even allowed in-app purchases but at some point, it changed "and recent versions of the app shipped with an advertising library containing a malicious module."

The researchers detected that "this module as Trojan-Dropper.AndroidOS.Necro.n, which we have observed in some apps preinstalled on Chinese smartphones," and as the name suggest it is a Trojan-Dropper.

It means that the malware was designed as a delivery mechanism for other malware with a specific purpose. So the dropper might be used to install a malware that can steal any users banking details or generate fake ads or sign up for fake subscription.

As per the researcher, even though Google Play is considered one of the safest platforms but "unfortunately nothing is 100 percent safe."

"The problem is that even such a powerful company as Google can't thoroughly check millions of apps. Keep in mind that most of the apps are updated regularly, so Google Play moderators' jobs are never done."

Google Play Protect is designed to guard against app vulnerabilities. In 2018, the company detected and removed several malicious developers and stopped more malicious apps from entering the Google Play Store.

It should also be mentioned that in past few years the number of rejected app submissions has increased by more than 55 percent.

But in the past few weeks, reports came on android vulnerability, especially from the apps installed from Google Play that includes Agent Smith malware as well as pre-installed malware which was found in millions of Android phones.