With over 100 million installs, CamScanner is one of the most popular scanning apps on the Play Store. That didn’t matter much to Google, which removed the app from the Play Store after malicious code was discovered in it.
According to security firm Kaspersky, the malicious code was spotted in several CamScanner updates published between June and July. Researchers identified the malicious module as ‘Trojan-Dropper.AndroidOS.Necro.n’. As per the report, this malware module was previously spotted in a few apps that came preinstalled on some Chinese smartphones.
A Trojan dropper extracts and runs other malicious code from an encrypted file in the APK. That second-stage code was identified as a Trojan downloader, which downloads further malicious code based on what the app creator wants to do. For example, CamScanner showed intrusive ads and signed up some users for paid subscriptions they didn’t consent to.
The malware module was spotted only in the Android version of the app, and the iOS version still appears to be available on the App Store, probably because of Apple’s strict app vetting policies. The researchers also reported that the latest versions of CamScanner have seemingly removed the malware module, although they warn that “versions of the app vary for different devices, and some of them may still contain malicious code.”
According to Android Police, CamScanner’s malware first appeared in the June 16 update of the app (version 126.96.36.19990616), and persisted through the app’s June 25 update (version 188.8.131.5290725). It was removed starting with the June 30 app update (184.108.40.20690730).
However this malware got into the app, and regardless of whether its latest version is clean or not, the incident was severe enough to earn CamScanner a temporary ban from the Google Play store. You’ll still be able to find “CamScanner HD” on Google Play, but the original “CamScanner” app appears to be gone, and developer INTSIG is now asking users to sideload a version of the app on their devices instead of linking to the Google Play store.
Our advice? CamScanner betrayed your trust, and it’s time to switch to an app you won’t have to worry about. Remove it and install a better document-scanning app, such as Adobe Scan or Microsoft Office Lens. You can even use the built-in scanner found in the Google Drive app, if you prefer. All are solid options, especially since they have never attempted to infect your device with crap you don’t want.