With over 100 million installs, CamScanner is one of the most popular scanning apps on the Play Store. That didn’t matter much to Google, which removed the app from the Play Store due to malicious code discovered yesterday.
According to security firm Kaspersky, the malicious code was spotted in several CamScanner updates published between June and July. Researchers identified the code as Trojan Dropper, software also discovered in some pre-installed apps on Chinese smartphones.
Trojan Dropper extracts and runs a second malicious module from an encrypted file in the APK. That module was identified as Trojan Downloader, which downloads further malicious code based on what the app creator wants to do. For example, CamScanner showed intrusive ads and signed up some users to paid subscriptions they didn’t consent to.
Kaspersky reported its findings to Google, which took down CamScanner from the virtual app storefront. However, Android Police reported today that the app is back up on the Play Store. The outlet also noted that every app update since August 1 with version 22.214.171.12490730 has been clear of Trojan Dropper.
In a statement released on Twitter today, CamScanner placed the blame on a third-party advertising SDK provided by AdHub. According to CamScanner, the SDK was reported for containing the Trojan Dropper module and producing “unauthorized advertising clicks.” The app maker also said it “will take immediate legal actions against AdHub.”
CamScanner also released a statement near the end of July. The statement insinuated the app was fine and urged people to update their antivirus apps and download antivirus apps directly from the Play Store.