Google Play Store has actively been weeding out apps for engaging in malicious behavior ranging from ad fraud to seeding harmful code. But despite the vigilant approach, some malware loaded apps are spotted from time to time and are booted off the app repository after ranking in a millions of downloads.

The latest app to get booted from the Google Play Store is CamScanner, an app that convert photos of documents into PDF format and is fairly popular among users.
CamScanner was found to contain malware that could seed ads and prompt users into signing up for paid services.

As per the findings of Kaspersky researchers, CamScanner's recent versions shipped with an advertising library containing a malicious module. The malicious Trojan Dropper module, which has been identified as "Trojan-Dropper.AndroidOS.Necro.n", has previously been observed in some Chinese apps as well. What this module did is it extracted and ran another malicious module from an encrypted file that is found in the app's resources.

The resource-linked module, which is also called a "dropped" module, was found to be a Trojan downloader that downloaded even more harmful modules. After that, it would depend on how a malicious party intends to exploit these modules.

It was also observed that the developers behind CamScanner got rid of the module in the latest version of the app. But since different phones might be running different versions of the app, some of which might contain the malicious code in its resource files, it is better to uninstall the app and download it again only when it is back on the Play Store after due verification.

STAY TUNED FOR MORE UPDATES...