You need to uninstall the CamScanner app now: Here's why
What's the story
Despite trying so hard, Google is failing miserably at keeping malicious apps from slipping into the Play Store. Just a few weeks back, dozens of malware-laced apps were found on the platform. And now, in another scary case an app called CamScanner, downloaded by more than 100 million people worldwide, appears to have been plagued. Here's all you need to know about it.
Issue
CamScanner app found carrying malicious module
In a recent vulnerability report, security researchers from Kaspersky Lab revealed that CamScanner, the popular photo-scanning app that offers PDF creation and OCR capabilities, has been carrying malware. They claimed the program was legitimate at first, but then it started shipping "with an advertising library containing a malicious module." This, in particular, was a Trojan-Dropper that opened the way for malware delivery.
Change
What this malware could do to your phone
In its initial configuration, CamScanner openly displayed ads and offered in-app purchases to rake revenue for its developers. However, after the introduction of the Dropper, the program had the capability to deliver a malicious payload, say like malware capable of generating fake ad views or stealing banking credentials. This posed a major security threat to millions of users of the program, the researchers emphasized.
Fix
Malicious module appears to have been removed from latest versions
While having an app with malware capable of executing any code is scary, the researchers note that the latest versions of CamScanner appear to have been fixed. However, considering the fact that app versions vary with devices, they note that some devices may still contain the malicious version of the app. CamScanner's developers have not commented on the matter thus far.
Problems
Clearly, Google needs to do more to weed out malware
The report from Kaspersky clearly shows that Google needs to do more to flag and weed out malicious apps in time. If not, attackers could use programs that have been downloaded millions of times as vectors to deliver dangerous malware and conduct mass attacks to steal personal/financial information. And, we're pretty sure mass attacks on phones around the world won't be a pretty situation.