Today read a report in the newspaper that the app with I regularly use for scanning images and converting to PDF- Camscanner has a trojan in it ! I was like WTF? It had over 100 million installs and trends on the Android home page. I had used this app several times and never doubted about it. Anyway, after Kaspersky people reported this trojan, Camscanner was promptly removed the Google play store – although some users ( especially from India ) have claimed that they can still see the app on the play store.
Details
The name of the trojan is ‘Trojan-Dropper.AndroidOS.Necro.n’. When the CamScanner app is launched on the Android device, the dropper decrypts and executes malicious code stored within a mutter.zip file discovered in the app’s resources.
Once the trojan is activated, considering the app has permission to camera and storage which is already granted by the user, it could do a lot of things ! Moreover considering the user base of this app ( 100 millions + users) and the wide variety of 0 day exploits out there in the wild, the possibilities of rogue operations are just endless
Although I immediately removed the app from my phone, I imagined the possibility of yet to be uncovered trojans which would have been intentionally or unintentionally added by app developers to their apps. Everyone knows that Android follows a very sloppy review mechanism, but this definitely caught me off guard.
As more and more crucial transactions are carried over the phone, identify theft and stolen data could become much more common than we think