Camscanner, an app used popularly to convert photos of your physical documents into PDF files, was recently found to have an advertising library containing a malicious module.
The module, specifically the Trojan-Dropper module, was found malicious. It extracted and executed another malicious module from an encrypted file that was found within Camscanner’s resources. The malware was first found by Kaspersky researchers.
This module, known as Trojan-Dropper.AndroidOS.Necro.n has been previously discovered in some preinstalled apps on Chinese smartphones. That means the module extracts and runs another malicious module from an encrypted file included in the app’s resources.
Some users of the CamScanner app had already spotted suspicious behavior and left reviews on the app’s Google Play page with warnings to avoid the app.