Jump to content

CamScanner detected as trojan downloader (ESET Mobile)


Recommended Posts

  • Most Valued Members

ESET has detected this app : https://play.google.com/store/apps/details?id=com.intsig.camscanner&hl=en

as a trojan downloader , I've tried to replicate this on another phone , it didn't detect anything , I will try to provide logs later as I don't have them now

The solution provided by mobile security is to remove the application because it's detected as trojan downloader , I tried to download it now and scan it with ESET , ESET detected nothing.

Link to post
Share on other sites

The same problem! I've been using CamScanner for ages, but after the last update (July 2019) Eset detected a trojan in it. I reinstalled CamScanner, but it still contains a trojan. 

Link to post
Share on other sites
  • 3 weeks later...
  • Most Valued Members

But the app has million of downloads and is listed as Editor's Choice , you can see in the link of the first post , it's weird..

One phone it was detected as trojan by ESET
Second phone no detection by ESET

Link to post
Share on other sites

Well, i have automatic updates turned off in play store. Before some days I updated to latest version but Eset and Kaspersky dont detect any trojan. All my family member with camscanner have Kaspersky detected an Trojan, weird. I think google play store removed the trojan from app.

Link to post
Share on other sites

Kaspersky just published an analysis on CamScanner:

Quote

An advertising dropper in Google Play

Recently, the popular CamScanner – Phone PDF creator app caught our attention. According to Google Play, it has been installed more than 100 million times. The developers position it as a solution for scanning and managing digitized documents, but negative user reviews that have been left over the past month have indicated the presence of unwanted features.

After analyzing the app, we saw an advertising library in it that contains a malicious dropper component. Previously, a similar module was often found in preinstalled malware on Chinese-made smartphones. It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser.

Kaspersky solutions detect this malicious component as Trojan-Dropper.AndroidOS.Necro.n. We reported to Google company about our findings, and the app was promptly removed from the Google Play.

The above-described Trojan-Dropper.AndroidOS.Necro.n functions carry out the main task of the malware: to download and launch a payload from malicious servers. As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.

https://securelist.com/dropper-in-google-play/92496/

Link to post
Share on other sites
  • Most Valued Members
12 hours ago, itman said:

Kaspersky just published an analysis on CamScanner:

https://securelist.com/dropper-in-google-play/92496/

That's interesting read , I don't use that kind of software , but it wasn't my phone , I was shown the phone and was asked what to do ? , I had to remove it , I tried to download on my phone , no detection

but now I understand why it happened one time and the second didn't

 

Thanks ITMAN

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...