
Trojan Dropper Malware Found In CamScanner Android App With 100+ Million Downloads (bleepingcomputer.com) 34

Kaspersky security researchers have discovered a Trojan Dropper malicious module hidden within the Android app CamScanner that's been downloaded over 100 million times on the Google Play Store. After they reported their findings, Google removed the app, but added, "it looks like the app developers got rid of the malicious code with the latest update of CamScanner." They conclude: "Keep in mind, though, that versions of the app vary for different devices, and some of them may still contain malicious code." BleepingComputer reports: As a confirmation to sudden increases in negative ratings and user reviews usually pointing out to something not exactly going right with an app, the researchers found "that the developer added an advertising library to it that contains a malicious dropper component." In this case, while CamScanner was initially a legitimate Android app using in-app purchases and ad-based monetization, "at some point, that changed, and recent versions of the app shipped with an advertising library containing a malicious module," says Kaspersky.

The module dubbed Trojan-Dropper.AndroidOS.Necro.n is a Trojan Dropper, a malware strain used to download and install a Trojan Downloader on already compromised Android devices which can be employed to infect the infected smartphones or tablets with other malware. When the CamScanner app is launched on the Android device, the dropper decrypts and executes malicious code stored within a mutter.zip file discovered in the app's resources. "As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions," found the researchers.
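A defender-side triage check for the resource named above, added here as an example (not code from Kaspersky, BleepingComputer or the original post): it lists any entry called mutter.zip inside an APK and reports its entropy and whether it is a genuine ZIP archive. The function names, the constructed sample APK and the assumption that an encrypted blob will not start with ZIP magic bytes are illustrative.

```python
import io
import math
import zipfile
from collections import Counter

INDICATOR_NAME = "mutter.zip"   # resource name reported in the article
ZIP_MAGIC = b"PK\x03\x04"       # local file header of a real ZIP archive

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage_apk(apk) -> list[dict]:
    """Return one finding per APK entry whose base name matches the indicator."""
    findings = []
    with zipfile.ZipFile(apk) as zf:          # an APK is a ZIP container
        for info in zf.infolist():
            if info.filename.rsplit("/", 1)[-1].lower() != INDICATOR_NAME:
                continue
            data = zf.read(info)              # read only, never executed
            findings.append({
                "path": info.filename,
                "size": info.file_size,
                "entropy": round(shannon_entropy(data), 2),
                # Assumption: an encrypted blob will not start with ZIP magic.
                "is_real_zip": data.startswith(ZIP_MAGIC),
            })
    return findings

def build_sample_apk(with_indicator: bool) -> io.BytesIO:
    """Constructed test input: a tiny fake APK, optionally with a fake blob."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("assets/readme.txt", b"hello")
        if with_indicator:
            # Harmless stand-in for an encrypted blob: uniform byte values.
            zf.writestr("assets/mutter.zip", bytes(range(256)) * 4)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for finding in triage_apk(build_sample_apk(with_indicator=True)):
        print(finding)
```

A match is a lead for further analysis rather than a verdict, since the summary notes that versions of the app vary between devices.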

  • "'As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions,' found the researchers."

    What the hell is a "mobile account"?

    • Re:Mobile Account? (Score:5, Interesting)

      by SilentChasm ( 998689 ) on Tuesday August 27, 2019 @08:26PM (#59131646)
      Some carriers provide the ability to subscribe to things directly through your cell phone bill. This allows the cell service provider to stay in the middle of some transactions instead of just being relegated to being a dumb pipe of voice, text, and data. I imagine they are very jealous of Apple/Google's app and content store revenue and that they set up such a system to try to take a cut of the market.
      • This is one of my main concerns about using smart phones for important stuff. We are encouraged to install random crap from random people and at the same time use it for things like banking, payments etc. There is a permission system but we are taught to ignore it just like the Windows "security" nag boxes of old. Important permissions should have been in bold-faced blinking red and excessive permissions (like network access for a flashlight) should not be allowed at all. It should be possible to sort apps

        • like network access for a flashlight

          Or everything wanting access to my contacts list. This reminds me of the time I needed a flashlight to plug something into my PC under my desk without removing the whole thing. All the flashlights I found had flat batteries, couldn't find fresh batteries, so I thought I would just use my cellphone flash as a torch (which is built in nowadays, but it wasn't then). Every single app I downloaded asked for ridiculous permissions (other than camera) and I refused. Ended u

          • All you needed was to open any app or menu that produces a nearly all white display. That's all these flashlight apps really do. Yeah some can do different colors, or psychedelic effects, or whatever but this is not needed at all if you just need a flashlight.

  • I just had this conversation on another thread yesterday. This is one of the reasons I use an iPhone. When is the last time there was a malware app slipped through the Apple store with a huge number of users? How often has that happened compared to Google's store? So many people here bash Microsoft for Windows being a virus / malware magnet then turn around to praise the awesome that is their droid. I'm seriously honestly not trying to bash but I just don't get it. I just see cognitive dissonance on
    • In fact, in late 2015 something similar happened on iOS. It also affected CamScanner, which is why this article piqued my interest. In that case, they were using a compromised version of Xcode itself (not downloaded from Apple but from somewhere else). The compromised compiler inserted malware into each binary it built - basically the "Ken Thompson Hack". It's quite surprising that something similar happened to them again. It's the "Fool me once..." thing I suppose.
    • When you go to a department store does someone hold your hand there so you don't get lost?
      • Yes. Yermom does. Did I properly descend to your level with that comment? You added no signal. All noise. Make you feel big?
        • I'm just tired of hearing nothing about "personal responsibility" around here, but no one seems to take it with their personal devices.
          • In what way do I not take responsibility for my devices and my choice of devices? I clearly stated I've tried them all. I chose the ones that require least administrative effort on my part while still getting shit done. I don't want to be a phone sysadmin. I don't want to worry about having the latest AV on my phone and does it have the latest malware signatures. I want a fricken phone! And since it's 2019, I want a phone with email, browser, chat, a few simple games, and all the apps I'm nearly requi
            • Because it prevents you from being led around the nose by Apple. iTunes (or whatever method they corral you into now) should not be the only way to do things. There should be an effort to make it work for everyone rather than people who own other Apple devices. When every app has to have an embedded web server so you can get files to it, something is wrong with the model.
              • I actively chose Apple after using two droids. My alternative is being led around by Google? Jesus, like that's so great. As far as iTunes goes, I don't use it although it does exist on Windows. I have no idea if it's truly the same between iOS, macOS and Windows or if a Linux client exists but it has definitely existed for Windows for -many- years. I chose Apple. It works for me. I don't want to be a phone sysadmin. It is more secure than droid. Google isn't slurping up my data. They support updates f
                • That's fine if you don't need to use it. But you're probably using iCloud, which many people don't want to do. No one should be forced into storing data on a third party.
                  • Why do I want droid?
                    • Because it's the only OS that doesn't interfere with your interaction with the device. I guess Apple and Google both suck in their own way, but I don't need digital signals from my device to the PC right in front of me funneled through a medium that will expose me to more advertising. I get creeped out enough when I'm in an Apple store, I don't want that in my daily life.
                    • Lolomgwtfbbq! You are concerned with privacy so you buy from Google? Now you're just trolling me. I think you have been all along. Bye.
                    • Are you responding to me? I never said I am concerned about privacy. I'm saying my concern about using my device directly outweighs my concern for privacy.
  • ...and now it is deleted from my phone. Never signed up for the cloud storage service.

  • Kaspersky.
  • by tal_mud ( 303383 ) on Wednesday August 28, 2019 @12:28AM (#59131978)

    I have used CamScanner often. How do I detect if I am infected? Neither BitDefender nor ESET found any problems. I am wary of installing Kaspersky :-(

    How do I remove and clean up any problems?

    • You install and use kaspersky to find this and then use a kaspersky scanner to find that and then you .... It's turtles all the way down.
    • I have used CamScanner often. How do I detect if I am infected? Neither BitDefender nor ESET found any problems. I am wary of installing Kaspersky :-(

      How do I remove and clean up any problems?

      AFAICT, there's no evidence that this trojan dropper carried any payload capable of breaching the app sandbox, so uninstalling the app and deleting all files in the shared data space (go to Settings -> Storage -> Files) should take care of it. If you want to be completely certain, factory reset your phone.

      Also, a comment on Android anti-virus apps... you're completely right to be wary of Kaspersky, but you should be wary of all of them. Unless you've rooted your device (in which case my previous c

  • And now I'm waiting for it to return. I've used it in the past and it is a well made app, suitable for contractors or work abroad where you don't have access to a scanner or PDF converter.

    • by b0bby ( 201198 )

      I have used the paid version for many years now (not any subscription, just the license) - it has always worked well for me. I may try Office Lens instead now, but I think that the paid version, since it didn't have the ad framework, is likely not affected. I'm basing this on speculation, though, so don't take my word for it.

    • I switched to ClearScanner. Works as easily as CamScanner used to, and has a lot of CamScanner defectors.
  • I keep hearing about how X app has 100 million plus downloads, and yet I never hear about it until it's mentioned here on Slashdot, or other sites when there is malware involved. And I am very much in the know about these things.

    I think these kinds of numbers are artificially inflated, and likely by the botnet that the unfortunate few who download X are now unwittingly part of. "ooh, this app has 100M+ downloads! It must be legit!"

    Google might want to look into patching the hole in Google Play that
