Google Play App With 100 million Downloads Executed Secret Payloads

upnorth

The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android devices.

Throughout most of its life, CamScanner was a legitimate app that provided useful functions for scanning and managing documents, researchers from antivirus provider Kaspersky Lab said on Tuesday. To make money, the developers displayed ads and offered in-app purchases. Then, at some point things changed. The app was updated to add an advertising library that contained a malicious module. This component was what’s known as a “Trojan dropper,” meaning it regularly downloaded encrypted code from a developer-designated server at https://abc.abcdserver[.]com and then decrypted and executed it on infected devices. The module, which Kaspersky Lab researchers named Trojan-Dropper.AndroidOS.Necro.n, could download and execute whatever the developers wanted at any time.

The researchers said that they have previously found Trojan-Dropper.AndroidOS.Necro.n lurking inside apps that are preinstalled on some phones sold in China.

“The above-described Trojan-Dropper.AndroidOS.Necro.n functions carry out the main task of the malware: to download and launch a payload from malicious servers,” a separate post from Kaspersky Lab explained. “As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.”

The incident underscores the challenge Android users face when looking for useful apps. Google scanners are unable to catch everything, particularly when developers sneak malicious or unethical code into apps that have already passed initial inspections. The result: there’s no easy way to be sure an app is safe. This reality is disappointing, because Google has made real strides in securing more recent versions of Android.

SeriousHoax

Wow, I used this app in the past a lot and still had it installed till I just saw this news. Good thing is I always force stop an app that I don't use often, so hopefully it didn't do any harm.
 

DeepWeb

This is crazy. I think everyone has had this app at one point in time. I uninstalled it years ago once Google Drive supported scanning. Just the other day I was wondering if using Kaspersky on my phone was worth it. I guess it is.
 

Andrew3000

Adobe Scan does the same things without malware inside.
The interesting thing is that some hours ago, when the news came out, I tried to see which antivirus detected CamScanner as a virus. The only one was Kaspersky (which discovered that security problem), with the name: HEUR:Trojan.Dropper.AndroidOS.Necro.n
 

Entreri

iOS is much more secure, so much less malware gets into their store and iOS gets updated for a long time.

Android is second rate for security.
 
