For many of us, CamScanner has been and continues to be an invaluable tool to keep a digital track of important documents. If you haven’t heard about it, CamScanner is an app for iOS and Android that allows you to scan documents via your phone’s camera.
Once scanned, you can save the result as a PDF and share it easily. It also has the ability to identify text via OCR (Optical Character Recognition) and save it as well. In short, CamScanner gives you all the bells and whistles of a scanner without having to own a scanner. And for this reason, CamScanner will be sorely missed.
What happened to CamScanner?
Just like any other app, CamScanner too relies on ads for monetization. As such, the developers displayed ads and offered in-app purchases. For a while, everything was good. Then things changed. In one of its most recent updates, CamScanner added an advertising library that contained a malicious module. Called a Trojan-Dropper, this module can run a secondary component that is encrypted within the app. So when CamScanner was opening on a device, this dropper would decrypt and run malicious code.
Once a device gets infected with this malware, the owner of the module can essentially take control of your device. This can range from intrusive advertising that pops up all the time to even stealing money from your mobile account under the pretense of a paid subscription.
Even legit apps can be a victim of malware
It’s a tough challenge to verify each and every app that is on the Google Play Store. This challenge becomes even more difficult when developers try to sneak in malicious code into apps that have already passed Google’s initial safety net.
The scenario with CamScanner just goes to show you how important it is to make sure to install apps that you are positive are clean and verified. In the case of CamScanner though, because the app had built up a following with users, no one would really bother to see if the app was misbehaving. In fact, word about the Trojan-Dropper only surfaced when people started reading reviews about CamScanner on the Google Play Store.
This, in turn, is another point to make note of. Always read the latest reviews of an app before installing it. There may be a few reviews that are intentionally bad but it’s important to keep an eye out to see what others say about an app, especially if it was updated recently.
Another precautionary step is to be familiar with the permissions requested by an app. If a calculator app, for example, needs access to a device’s camera, it could be to identify an equation. But on the other hand, if it’s asking for permission to view your phone calls or calendar details, then you should definitely be wary about it.
Since the reporting of Kaspersky Labs about CamScanner, the app has been taken down from the Google Play Store. There were reports that the app was back on the Google Play Store after developers had taken out the malicious code, but we saw no signs of CamScanner on the Play Store. Could this mean the end of the handy app forever? While that is also a possibility, it’s also plausible that the app was taken down and will only be published again once it has undergone a more rigorous investigation into all its nooks and crannies.
If you are tempted to install CamScanner from a 3rd party mirroring site, we would strongly discourage you to do so. This is simply because we cannot guarantee that these sites too might lack the proper screening methods to ensure the integrity of the file. Your safest bet is to wait till CamScanner gets scanned (no pun intended).