Android app with more than 100 million users found delivering malware

Starting today! Hackers can remotely hijack your Android device and steal data stored on it!
Anyone who is using the free version of CamScanner is now at danger, cybersecurity researchers say.

Unfortunately, CamScanner is not safe anymore, cybersecurity researchers have just found a hidden Trojan-Dropper module within the app that could allow remote hackers to secretly download and install malicious program on users’ Android devices without their knowledge.
For those who don’t know CamScanner free is a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store.

The issue was investigated after many CamScanner users reported suspicious behavior and posted negative reviews on Google Play Store over the past few months.

Remember everything can be hacked. Therefore, you are strongly advised to always keep a good antivirus app on your Mac, like Antivirus CB from AppStore, on every device that you own. This can detect and block such malicious activities before they can infect your device. 
For the moment it is not clear who is responsible for this malware addition because, the malicious module doesn’t actually reside in the code of CamScanner Android app itself; instead, it is part of a 3rd-party advertising library that recently was introduced in the PDF creator app.

The malware analysis of the malicious Trojan-Dropper module revealed that the same component was also previously observed in some apps pre-installed on Chinese smartphones.

The hackers behind the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.

Always be aware of everything! Even if Google has made huge efforts to remove potentially harmful apps from Play Store in the last few years and added more stringent malware checks for new apps, legitimate apps can go rogue overnight to target millions of its users.

The top security recommendation for this outrageous case is to just uninstall the CamScanner app from your Android device now; Google has already removed the app from its official Play Store.

Besides, always look at the app reviews left by other users who have downloaded the app, and also verify app permissions before installing any app and grant only those permissions that are relevant for the app’s purpose.

We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber-attacks. Remember to use antivirus for Mac like Antivirus CB which can be found on AppStore to try for free.