The CamScanner app that is used for scanning documents and creating PDFs has been removed from the play store. This app was available on Android and iOS.
Security researchers at Kaspersky found malware in various versions of the app that were published to the Google Play store in June and July. The app was published on the Play Store by Shanghai-based CC Intelligence and has over 100 million downloads on the Play Store since it’s launch back in 2010.
The scanning application for Android has a free version and a paid version which contains zero ads. Initially, the company has depended on ads and also in-app purchases to earn revenue from the app. However, the latest versions of the application featured a new advertising library that contained a “Trojan-Dropper” malware.
According to Android Police, the malware first appeared in the June 16 update of the app (version 18.104.22.16890616) and persisted through the app’s June 25 update (version 22.214.171.12490725). But later it was removed in the June 30 app update (126.96.36.19990730).
This “dropped” malware, is a Trojan-Downloader that downloads more malicious modules depending on what its creators are up to at the moment. For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions.
Kaspersky described in a blog post.
The free version of CamScanner is still unavailable on the Google Play Store while the paid version is urging users to update to the latest version ASAP.