It’s easy enough to avoid installing dodgy apps on the Google Play Store, but what if one of those apps turns out to be one you thought was trusted? That’s exactly the issue millions of CamScanner users are facing today.
According to a report by security firm Kaspersky, some builds of the popular document scanning app have been infected by a malicious advertising library.
It comes after Kaspersky users reported receiving notices about the app being a “risk”.
This library has a knack for appearing on some Chinese smartphones, and downloads malicious software in the background. Even scarier is the fact that this malicious software — called a trojan dropper — downloads even more malicious software, which can be tailored to the needs of its creator.
“For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions,” Kaspersky writes.
It’s not clear when CamScanner was infected, but when we searched for the app on the Play Store on Wednesday morning, it appeared that the publisher had removed it. Only the license purchase, which activates the paid version, is available.
If you do have CamScanner installed at present, it would be best to update the app to the latest version available.
Kaspersky believes the publishers have rid the app of its malicious code, but also warned that if you have an older version, you could still be affected.
It’s not the first time an app on the Google Play Store was found to be malicious.
As early as 2012, fake apps posing as alternatives to popular services were rife on the Play Store.
In 2017, a game called Chef Judy came under scrutiny from security researchers when it was found to harbour adware made by a Korean company.
And just last month, Google removed a slew of apps dubbed “stalkerware” from its platform, which were found to invade users’ privacy by allowing others to spy on them.