CamScanner detected as trojan downloader (ESET Mobile)

[Nightowl 206]

ESET has detected this app : https://play.google.com/store/apps/details?id=com.intsig.camscanner&hl=en

as a trojan downloader , I've tried to replicate this on another phone , it didn't detect anything , I will try to provide logs later as I don't have them now

The solution provided by mobile security is to remove the application because it's detected as trojan downloader , I tried to download it now and scan it with ESET , ESET detected nothing.

[Ptah 0]

The same problem! I've been using CamScanner for ages, but after the last update (July 2019) Eset detected a trojan in it. I reinstalled CamScanner, but it still contains a trojan. 

[Nightowl 206]

I've installed it on a different device , but it didn't detect anything , it's weird.

[T K 0]

I am having the same issue, Kaspersky just alerted base.apk under /data/app/ as trojan.

 

[itman 1,727]

Appears Google Store has another malicious app. Nothing really new since this is a very frequent occurrence.

[Nightowl 206]

But the app has million of downloads and is listed as Editor's Choice , you can see in the link of the first post , it's weird..

One phone it was detected as trojan by ESET
Second phone no detection by ESET

Edited August 24, 2019 by Rami

[itman 1,727]

1 hour ago, Rami said:

One phone it was detected as trojan by ESET

Possible redirect to a phishing Google store clone website.

[Girofox 0]

Well, i have automatic updates turned off in play store. Before some days I updated to latest version but Eset and Kaspersky dont detect any trojan. All my family member with camscanner have Kaspersky detected an Trojan, weird. I think google play store removed the trojan from app.

[itman 1,727]

Kaspersky just published an analysis on CamScanner:

Quote

An advertising dropper in Google Play

Recently, the popular CamScanner – Phone PDF creator app caught our attention. According to Google Play, it has been installed more than 100 million times. The developers position it as a solution for scanning and managing digitized documents, but negative user reviews that have been left over the past month have indicated the presence of unwanted features.

After analyzing the app, we saw an advertising library in it that contains a malicious dropper component. Previously, a similar module was often found in preinstalled malware on Chinese-made smartphones. It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser.

Kaspersky solutions detect this malicious component as Trojan-Dropper.AndroidOS.Necro.n. We reported to Google company about our findings, and the app was promptly removed from the Google Play.

The above-described Trojan-Dropper.AndroidOS.Necro.n functions carry out the main task of the malware: to download and launch a payload from malicious servers. As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.

https://securelist.com/dropper-in-google-play/92496/

Edited August 27, 2019 by itman

[Nightowl 206]

12 hours ago, itman said:

Kaspersky just published an analysis on CamScanner:

https://securelist.com/dropper-in-google-play/92496/

That's interesting read , I don't use that kind of software , but it wasn't my phone , I was shown the phone and was asked what to do ? , I had to remove it , I tried to download on my phone , no detection

but now I understand why it happened one time and the second didn't

 

Thanks ITMAN

[itman 1,727]

To highlight the dangers of Google Play apps, Eset has its own detailed analysis on another commonly used app: https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/