Malicious attacks on users appear in Android applications with over 100 million downloads

CamScanner application is a famous application on Google Play Store when it is used to scan images and convert them into PDF files. Up to now, the application has more than 100 million installs. However, experts from Kaspersky warned that the application contained a mechanism to automatically download malicious code to a user’s device. From there, the victim may discover that he or she has signed up for paid services while they have never done so.

Currently, Google Play has removed the application for malicious warnings from Kaspersky.

In the process of researching applications containing malicious code, Kaspersky researchers discovered a malicious “dropper” in the application to “drop” the malware downloader onto the user’s device. This downloader is then used to download malicious files to the victim’s phone.

The functionality of the malware varies depending on the intent of the malware developer, but according to samples analyzed by Kaspersky with malicious code, they will cause advertisements to be displayed on user devices and automatically registered. Paid service packages. Immediately after removing the application from Google Play, the developer CamScanner responded that the problem was caused by a third party.

According to an application developer, the malware was injected into a latest software update by a third party without the developer knowing or allowing it. In fact, only a small number of users have downloaded applications that contain malicious code.

” We rarely see an application with such a high level of loyal users and a large number of installations, ” said Igor Golovin, security researcher at Kaspersky. malicious code . ”

” With positive reviews on Google Play and the fact that security researchers have never discovered the app’s malicious activity, we think that malicious modules could have been injected. when the update is in progress. In general, this is another example that shows that users need to be very protective of their devices even if they download the software from the official unit . ”