CYBER NEWS

CamScanner Android App Silently Installs Necro Trojan

It appears that one of the most popular Android apps called CamScanner is installing silently the Necro Trojan on victim devices, according to a new security report. It is very possible that the developers have not done it intentionally as the malicious code is probably masking itself as an advertising package.




Android CamScanner App Found To Silently Deploy The Necro Trojan

One of the most popular apps for the Android operating system has been found to carry a very dangerous Trojan threat. The application in question is called CamScanner and its main purpose is to easily convert images to PDF. A security analysis of it has uncovered that in some of its versions it also deploys the Necro Trojan. The specialist speculate that this isn’t intentional by the developers, but they were fooled into integrating an advertising module. The Trojan code has been found to be part of a library that is embedded in the application. Usually these libraries are added in as part of a partnership deal with an advertising provider.

Related:
The Cerberus Android Trojan is a new malware made for the popular mobile operating system, read all about it in our detailed article
Cerberus Android Trojan Is The Newest Mobile Malware For Rent

The analysis of the Necro Trojan shows that the mobile versions found within the contaminated CamScanner Android app will run this malware when the application is installed on the mobile device. However the Necro Trojan does not appear to be running any of the common actions that are expected of it such as data theft. The made analysis shows that the main action that is run is the downloading of other components, showing that a complex infection campaign is orchestrated. As a consequence the hackers that are in control of the Necro Trojan can induce all kinds of actions as they please:

  • Information Gathering — The criminals can search for valuable information on the infected device’s memory. This can be used to look out for passwords or even real-time looking for user input placed inside of banking services.
  • App Manipulation — The Trojan can be used to interact with the installed system and applications. This can result in changed settings, issues and unexpected errors.
  • Malware Delivery — It can be used to deliver dangerous modules such as ransomware and cryptocurrency miners.

Due to the fact that the malicious package was identified live in the CamScanner app it has been taken down from the Google Play Store. We expect it to reappear with the Necro Trojan code removed and with a statement from the developers.

Avatar

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...