+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

CamScanner removed from the Play Store due to advertising malware

Aug 29, 2019, 15:40 IST
Credits:Google Play

  • CamScanner has been found to be loaded with advertising malware, putting the security of over 100 million users at risk.
  • The CamScanner Android app has been spotted loaded with malware from AdHub, one of their advertising partners.
  • Google had immediately removed the CamScanner app from the Play Store after Kaspersky’s repor
Android’s security woes don’t seem to abate. The latest popular Android app to join the list is CamScanner, a very popular document scanning app. CamScanner has been found to be loaded with advertising malware, putting the security of over 100 million users at risk.
Advertisement

According to findings posted by Kaspersky Labs, the CamScanner Android app has been spotted loaded with malware from AdHub, one of their advertising partners. Google had immediately removed the CamScanner app from the Play Store after Kaspersky’s report. However, millions of users still have the app installed on their smartphones, which poses a massive risk to their security.

CamScanner removed from Play Store

Explaining how the malware works, Kaspersky said that it extracts and runs another malicious module that is stored in an encrypted file found in the app’s resources. This is most likely to try and evade detection from the built-in security scanner in the Play Store.

CamScanner continues to be removed from the Play Store.

CamScanner acknowledges the problem

On its part, CamScanner has acknowledged the problem and stated that the code injection from AdHub violates the app’s security policies. To this end, CamScanner developers have initiated legal proceedings against AdHub.

To make sure this does not happen again, CamScanner says that it has removed all advertisement SDKs that haven’t been approved by Google. This, however, begs the question as to why the company added unapproved SDKs in the first place.
Advertisement


A new version of CamScanner without the AdHub advertising SDK is expected to be available in the Play Store soon.

Uninstall CamScanner now

CamScanner’s statement also notes that the affected version is 5.11.7, but a Reddit post has revealed that several subsequent versions are also affected. At this point of time, you are better off switching to alternatives like Office Lens, Adobe Scan, Scanbot and others.

Other Chinese apps affected, too
Kaspersky notes that this Trojan Dropper module was found in other Chinese apps as well.

CamScanner, in its statement and tweets, revealed that the malware is responsible for ad click fraud, and that it does not access users’ data or documents.

While that may not be very reassuring, the revelation is interesting. Other big developers like Cheetah Mobile have also been found to be committing ad click fraud, with over half a dozen apps detected by Buzzfeed News.

Advertisement
In response, Google removed two apps – one from Cheetah Mobile and another from Kika Tech. The two apps together accounted for over 250 million downloads.

Cheetah Mobile dismissed the news by stating that the CM File Manager app accounts for a small amount of the company’s revenue, showing the company’s dismissive attitude towards these serious findings.

With Chinese apps dominating the Indian app market, security issues like these could affect us more than other Android users.
    You are subscribed to notifications!
    Looks like you've blocked notifications!
    Next Article