Google Play is the safest place to download Android apps, but it’s not entirely risk-free. The platform allowed users to be exposed to malware present in an application with more than 100 million downloads.
According to researchers at Kaspersky Lab, the malicious component was in CamScanner, an app used to digitize documents. It was published on Google Play as a legitimate application, but one of its updates was no longer safe.
Kaspersky’s analysis points out that, at some point, the application came to include a “trojan dropper”, that is, a component capable of downloading malicious code from other sources. In this case, it downloaded encrypted code from a server and ran it on the device.
The component, named “Trojan-Dropper.AndroidOS.Necro.n”, did whatever its creators instructed, such as showing invasive ads and downloading applications without the user’s authorization.
“Module owners can use an infected device to their advantage in whatever way they see fit, from showing invasive ads to the victim to stealing money from their account by charging paid subscriptions,” says Kaspersky.
CamScanner claims that the malicious component appeared in the application after integrating an ad network called AdHub. “Fortunately, after rounds of security verification, we found no evidence showing that the module could cause data leaks,” said the company.
The app was removed from the Play Store after the alert, but its developers promise to release a new, more secure version in the future.