Headlines:

Malicious code included in some versions of CamScanner PDF creator Android app

It was discovered that the hugely popular CamScanner PDF creator Android app from the Google Play Store recently started delivering malware.

Its recent versions included a new advertising library that contained a Trojan designed to deliver malware to Android devices. According to Android Police, CamScanner’s malware first appeared in the June 16 update of the app (version 5.11.3.20190616), and persisted through the app’s June 25 update (version 5.12.0.20190725). It was removed starting with the June 30 app update (5.12.0.20190730). The app has been downloaded over 100 million times from the Google Play store since it was first made available in 2010.

CamScanner

Now, it was removed. However, its corresponding iOS version is still available on Apple's App Store. Kaspersky issued warning that the "malicious code may show intrusive ads and sign users up for paid subscriptions." In fact, "it can be assumed that the reason why this malware was added was the app developers' partnership with an unscrupulous advertiser," noted Kaspersky researchers. To be safe, every user who installed the app must delete it. There are alternatives which can be used instead: Adobe Scan or Microsoft Office Lens.

Comments