Camscanner, an app used popularly to convert photos of your physical documents into PDF files, was recently found to have an advertising library containing a malicious module.
The module, specifically the Trojan Dropper module, was found malicious. It extracted and executed another malicious module from an encrypted file that was found within Camscanner's resources.
The malware was first found by Kaspersky researchers. The following is an excerpt from their blog post describing the malicious module:
"Kaspersky products detect this module as Trojan-Dropper.AndroidOS.Necro.n, which we have observed in some apps preinstalled on Chinese smartphones. As the name suggests, the module is a Trojan Dropper. That means the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This “dropped" malware, in turn, is a Trojan Downloader that downloads more malicious modules depending on what its creators are up to at the moment.
For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions."
Kaspersky reported the issue to Google and it was promptly taken off its Play Store. Some users of the CamScanner app had already spotted suspicious behavior and left reviews on the app’s Google Play page with warnings to avoid the app.
CamScanner was actually a legitimate app, with no malicious intensions whatsoever, for quite some time. It used ads for monetization and even allowed in-app purchases. However, at some point, that changed, and recent versions of the app shipped with an advertising library containing a malicious module.
If you have previously downloaded the app, we suggest you to uninstall the app to keep your data from getting compromised.
You can still download an app named 'CamScanner HD' from the Play Store, but we wouldn't trust the authenticity of the app. For now, your best options to scan and convert PDF documents are Adobe Scan, Microsoft Office Lens or even the in-built scanning functionality of the Google Drive app.