• CamScanner had more than 100 Million users in the android app store.
  • A trojan dropper has found which was showing malicious ads in the app.
  • iOS version of the CamScanner is not affected and still running properly.

Google play store has removed one of the most popular scanning and OCR based software “CamScanner”s  as they find to be infected with Trojan Dropper. The CamScanner is popular PDF scanner application which has been grown to 100 Million User base worldwide with the growth of the android. This was very friendly application to scan, format images and many feature using OCR (Optical Character Recognition).

World famous cyber security research firm Kaspersky has first reported to Google that incident that CamScanner has been affected by the Trojan Dropper. The main purpose of Trojan droppers is to inject malicious code in a computer. The code download different malicious codes to make it difficult for the scanners to identify in general. The real purpose of the trojan droppers to show jokes, adware, pornware notifications even while the victim has real, legitimate and paid subscriptions of the software or app. VBS and Javascript are commonly used to write this type of trojan droppers.

As per recent update the app developer already have neutralized the malicious codebase which is responsible for behavior, but there are many android devices which are still having the older version of the application and the operating system itself. Even this is found that many users don’t prefer to regularly update the Android stack either. That makes a very good change to get higher numbers of users affected in this attack.

As per report came from Android Police, the app started to get infected from the June 26th release. And with this there is also another valid question which arises in there is situation that even google play store validates all the applications on the play store there may be a chance that many softwares may be left out in integrity check during the different updates of the software. There as a user should you should use third party app checkers in your mobile.

While writing this incident, we observe that CamScanner HD and CAMScanner License are two similar apps are still available on the app store but we don’t recommend them to use right now. You can use Microsoft Lens as an alternative application of camscanner. Meanwhile, the iOS versio of the CamScanner is not affected by this attack and still running properly in the iOS app store.