Attackers get free access to install anything they wanted
Popular PDF app CamScanner, available to download from the Google Play Store, has been inadvertently allowing crooks to install malware on victims’ phones.
As The Register reports, researchers from Kaspersky discovered that the app contained a trojan that allowed malicious software to be run silently in the background. Igor Golovin and Anton Kivva say the trojan, known as Necro.n, was probably disguised as a legitimate advertising package, and CamScanner’s developers were likely unaware of what was happening.
Necro.n doesn’t actually contain any malicious software itself, but it provides a gateway for crooks to install whatever they like – whether that’s software that shows ads for disreputable businesses, or apps that charge you money through illicit premium subscriptions.
Be on your guard
This discovery serves as a reminder that although Google strives to check apps in the Play Store for malicious code, it’s not infallible.
In fact, it’s been found that some Android phones even come with malware pre-installed. Phones can be sold with hundreds of apps installed, and only one needs to be compromised for attackers to gain access to your device.
“It looks like app developers got rid of the malicious code with the latest update of CamScanner,” says Kaspersky. “Keep in mind, though, that versions of the app vary for different devices, and some of them may still contain malicious code.”