Security researchers at Kaspersky revealed last night that they found a malicious component in CamScanner, one of the most popular apps in the Google app store, which has already amassed more than 100 million downloads.
The app was developed by the Chinese company Intsig, which specializes in image analysis to find certain patterns. The app allows you to scan documents for conversion into images or PDFs. It also allows the text to be scanned so that it can be searched or copied and pasted as if it were a standard digital written document.
Kaspersky said the app itself is not malicious, but its latest versions contain a piece of code called Necro.n, previously found on Chinese phones, which is used to download external malware capable of, for example, pushing large numbers of advertisements and even stealing a user's money by signing them up for a paid service without their knowledge.
The researchers emphasize that it is not at all certain that Intsig, which was founded in 2010 and employs hundreds of people, knew that its app contained this code. According to them, there is a high chance that the malicious code was part of a third-party ad-serving component that the veteran company had integrated to make money from the service's free users.
Kaspersky has reported the finding to Intsig and Google, and the app has been removed from the store. However, the paid version is probably still available, because it does not contain the external advertising component that is believed to contain the malicious code. The company's CamCard app, which is designed to scan business cards and create contacts and has over 10 million downloads, is also still available for download.
This is not the first time malicious code has been discovered in CamScanner: in 2015, similar malicious code was found in the Apple version of the app (China), as well as in dozens of other popular apps. Then, too, the code was planted by a third party and not by the developers themselves, and apparently, once the app is updated and it is verified that this code has been removed, it will return to the Google store this time as well.