Researchers found a Trojan Dropper malicious module hidden within the Android app CamScanner downloaded over 100 million times by Google Play Store users.
The malicious component was found by Kaspersky security researchers Igor Golovin and Anton Kivva while taking a closer look at the insides of the CamScanner app following a deluge of negative reviews posted by users over the last few months,
As a confirmation to sudden increases in negative ratings and user reviews usually pointing out to something not exactly going right with an app, the researchers found "that the developer added an advertising library to it that contains a malicious dropper component."
Similar modules pre-installed on low-cost devices
This is not the first time this type of malicious module was discovered on Android smartphones, with pre-installed versions having been found on over 100 low-cost Android devices in 2018 and more than two dozen device models in 2016.
In both cases, the malicious component was used by the threat actors to push ads to the infected devices, while the Android smartphones and tablets found to be compromised also installed unwanted apps behind the users' back.
CamScanner Play Store entry
In this case, while CamScanner was initially a legitimate Android app using in-app purchases and ad-based monetization, "at some point, that changed, and recent versions of the app shipped with an advertising library containing a malicious module," says Kaspersky.
The module dubbed Trojan-Dropper.AndroidOS.Necro.n is a Trojan ..
Support the originator by clicking the read the rest link below.
