CamScanner Case: When An App “Sneaks” Malicious Software.
A security alert concerning the scanner app CamScanner was raised relatively recently. This smartphone application is mainly used to create PDF files with OCR (optical character recognition) and has more than 100M downloads from Google Play. Today the case is closed and the app is safe, but it is a good occasion to understand what happened and how to better protect ourselves from malware.
Those more than 100 million downloads may sound like a guarantee that the application is legitimate (which it is) and that it will not compromise our security, since Google Play and the other official app stores offer applications that are verified and pass security controls. But 100% security does not exist.
What Happened With CamScanner?
CamScanner was conceived as a legitimate application, without any malicious intent. Like so many legitimate applications, it showed ads for monetization, allowed in-app purchases and offered all the usual features.
The malicious module involved is known as Trojan-Dropper.AndroidOS.Necro.n, and Kaspersky experts had previously observed it in some applications preinstalled on Chinese smartphones. What is a Trojan-Dropper? It is malicious software whose objective is to install other malicious code on the victim's device, or a new version of previously installed malware.
In this process, the module runs and extracts one more malicious module from an encrypted file included in the resources of the “host” application. That second program is responsible for downloading Trojans and further malicious modules, depending on what its creators want to achieve at any given time.
For example, malicious modules can display intrusive advertisements and register users in paid subscriptions on external services.
Once the malware was detected, the process was standard:
- The finding was reported to Google;
- The application was withdrawn from Google Play;
- A new version, clean of malicious software, was created.
The lesson we can draw from all this is that any application, no matter how legitimate it may seem, no matter how many hundreds of millions of downloads it has and, of course, no matter how prominently it features in the best app stores on the market, can change (somehow) and end up being malware, practically overnight.
That is why it is so important, indeed crucial, to have good security tools such as antivirus and antimalware (while, of course, always following the main security guidelines when installing applications on our devices). We must keep in mind that 100% security is impossible and, therefore, keep good backups of all our devices.