Malware found in popular CamScanner app
MANILA, Philippines – CamScanner, a PDF creation and optical character recognition application with more than 100 million downloads on the Google Play Store, was taken off the store following a Kaspersky Lab report saying a version of the app contained malware.
The report, released Tuesday, August 27, said the app was originally legitimate and had no malicious intentions, but researchers Igor Golovin and Anton Kivva looked into the application following recent negative reviews on the Google Play Store citing suspicious behavior by CamScanner.
The researchers explained, "After analyzing the app, we saw an advertising library in it that contains a malicious dropper component. Previously, a similar module was often found in preinstalled malware on Chinese-made smartphones. It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser."
The "malicious dropper component" is called Trojan-Dropper.AndroidOS.Necro.n, and is classified as a Trojan Dropper. A follow-up Kaspersky blog post on the issue described it as "a malware strain used to download and install a Trojan Downloader on already compromised Android devices which can be employed to infect the infected smartphones or tablets with other malware."
Because of the nature of trojan dropper malware, users could be served intrusive ads, signed up for paid subscriptions, or have other malware installed on their devices.
Kaspersky alerted Google, which took down CamScanner from the store, even though the app developers managed to remove the malicious code in the latest version of CamScanner.
It is likely Google is making sure the malware-carrying version of the application is scrubbed to avoid a repeat, especially since different devices may support or currently hold different versions of CamScanner. – Rappler.com