Trojan-Dropper discovered in Google Play Store with 100 million+ downloads

App researchers found a Trojan-Dropper malicious module hidden in Android app CamScanner. Here, it should be noted that the CamScanner app is very popular and has been downloaded over 100 million times from the Google Play Store.

The findings were revealed by Kaspersky security researchers Igor Golovin and Anton Kivva who took notice of the sudden increase in negative reviews over the last few months. Upon in-depth analysis, the researching team noticed that the app developers had added an advertising library that contained the malicious dropper component.

It is not uncommon to discover malicious modules in Android phones. In just 2018, researchers found the same issue in over 100 cheap Android devices while more than two dozen models were discovered to contain malicious versions in 2016.

In both the previous cases, the malicious component was used to include ads and unwanted apps to compromised devices.

However, in this case, the CamScanner was a legitimate app that utilized in-app purchases and ad-based monetization. But things suddenly changed when the recent versions included an advertising library that contained the malicious module.

Titled as Necro.n and detected as Trojan-Dropper.AndroidOS.Necro.n by Kaspersky, the CamScanner malware has the ability to decrypt and execute malicious code stored in the mutter.zip file found in the app’s resources.

As a result, the owner of the module can use the compromised device for their benefit in many ways including show them advertises that may seem inappropriate or make them pay for subscriptions that they don’t need.


After Kaspersky addressed its concern, Google immediately took action and removed the app from its Play Store. Nevertheless, the app developers also updated their app by launching a new version. Here's what the developer explained after the media reports:



However, Kaspersky recommends users to be wary when downloading the CamScanner app as versions of app vary in different devices and there is a good possibility of the malicious code appearing on the version available for the respective device.

August has not been a good month for Play Store. Just recently, researchers found adware in 85 apps that were downloaded more than 8 million times from the official Android store. Moreover, last week an Android app with spyware capabilities of the open-source AhMyth Android RAT managed to get past the automated malware protection on Google Play Store – twice in two weeks.

From the looks of things, Google should enhance its app scrutiny policy and tighten up their security measures to avoid such incidents – on a regular basis.


Photo: SOPA Images via Getty Images

Read next: Top 5K free apps on Google Play Store have vulnerabilities that allow hackers to attack servers, says a report

No comments:

Post a Comment