CamScanner is a phone-based PDF creator that includes OCR (optical character recognition). The app has been downloaded over 100 million worldwide. However, such a well-known and formal application has hidden malicious modules for loading other modules or advertising in new versions submitted recently.
According to Kaspersky, a new version of the recent scan of CamScanner has a malicious module that can bypass Google malware detection to load other modules directly from the server. Although CamScanner has already encrypted the relevant modules, it is still detected. Kaspersky claims that this malicious module is actually an Android Trojan.
CamScanner uses this Trojan to download additional modules and then use it to post intrusive ads, such as pop-up ads on the lock screen or elsewhere. Users can’t close and most users don’t know which application these pop-up ads pop up. Kaspersky said that the Trojan can actually download any new Trojans in accordance with server instructions.
After Kaspersky submitted the analysis report to Google, Google quickly removed the CamScanner app from the Play Store. Kaspersky said it appears that its developers have removed malicious modules and resubmitted them.