Google has been on the receiving end of a lot of criticism for not doing enough to prevent malware, Trojans and other malicious software from plaguing apps in the Play Store. While there has been a new, stringent vetting process before letting apps appear in the Play Store, a highly popular Android app, CamScanner, has been removed from the Android app marketplace.
CamScanner suddenly disappeared from the Play Store, which came as a surprise to many, as the credible document scanning app served millions of users and had a 4.6-star rating. The reason behind its removal from the Play Store is that it hosted an advertising library containing a malicious module.
CamScanner's ill intentions were discovered by the researchers at Kaspersky Lab, who said the app with over 100 million downloads housed a malicious module that showed ads or downloaded apps on affected Android smartphones without users' knowledge or consent.
"CamScanner was actually a legitimate app, with no malicious intentions whatsoever, for quite some time," Kaspersky noted. "It used ads for monetization and even allowed in-app purchases. However, at some point, that changed, and recent versions of the app shipped with an advertising library containing a malicious module."
According to the researchers, recent versions of the app contained the Trojan-Dropper.AndroidOS.Necro.n module, which is a Trojan dropper. This infection allows the owners of the module to infect devices with other kinds of malware. Through this, hackers could benefit by showing intrusive ads or by stealing money from a victim's mobile account by charging for paid subscriptions.
If you are using CamScanner on your phone, it is best to uninstall it right away. There are several other apps from trusted sources to carry out the functions of CamScanner. Users can switch to Microsoft OneNote, Google Drive or Apple Notes.
Google has removed CamScanner from its Play Store, but the incident raises questions about Google's efforts to rid its Play Store of such malicious apps. In the case of CamScanner, the malicious code was added only in the recent update. This teaches end-users an important lesson: verify permissions and check reviews not only before downloading an app for the first time but also before updating apps that they usually trust.