CamScanner App Dev Claims It Was The Victim Of A Malicious Rogue Ad Network
This entry was posted on August 30, 2019.
Earlier this week, you brought you the news of an unfortunate turn of events that resulted in the popular app CamScanner being removed from the Google Play Store. The app, which can create PDF documents, is developed by CC Intelligence and has been downloaded over 100 million times.
The problem came into play when users began getting bombarded with "unwanted features" and advertisements that took over their smartphone's display. The folks at Kaspersky Lab were able to determine that the CamScanner was carrying a malicious module dubbed Trojan-Dropper.AndroidOS.Necro.n, which was serving intrusive ads to users.
After staying mum on the situation for most of the week, CamScanner's developers are finally speaking up and claim that nothing nefarious was done on its part. Instead, CC Intelligence says that it was instead the victim of a rogue ad network.
"Our CamScanner Team has recently detected that the advertisement SDK provided by a third-party named AdHub, integrated in Android Version 5.11.7, has been reported for containing a malicious module that produces unauthorized advertising clicks," wrote the developers in a statement. "Fortunately, after rounds of security check, we have not found any evidence showing the module could cause any leak of document data."
If we take CC Intelligence at its word, it would appear that private user data was not pilfered when Trojan-Dropper.AndroidOS.Necro.n ravaged its app. The only goal of the trojan was to take advantage of CamScanner's huge install base to commit click fraud.
Interestingly, it appears that what happened to CC Intelligence with CamScanner could have been avoided altogether. The company wrote in its statement that "We have removed all the ads SDKs not certified by Google Play," which is probably why the rogue ad network was able to infiltrate the app. Had CC Intelligence likely stayed with Google-certified SDKs, this stain on its app (and reputation) might not have happened.
With that said, the app developers say that a new version of CamScanner will be released soon to Google Play. You can also follow the instructions in the following link to directly download a "clean" CamScanner APK.