CamScanner Android App Silently Installs Necro Trojan

CamScanner Android App Silently Installs Necro Trojan

1 Star2 Stars3 Stars4 Stars5 Stars (Ingen stemmer endnu)
Loading ...

It appears that one of the most popular Android apps called CamScanner is installing silently the Necro Trojan on victim devices, according to a new security report. It is very possible that the developers have not done it intentionally as the malicious code is probably masking itself as an advertising package.

Android CamScanner App Found To Silently Deploy The Necro Trojan

One of the most popular apps for the Android operating system has been found to carry a very dangerous Trojan threat. The application in question is called CamScanner and its main purpose is to easily convert images to PDF. A security analysis of it has uncovered that in some of its versions it also deploys the Necro Trojan. The specialist speculate that this isn’t intentional by the developers, but they were fooled into integrating an advertising module. The Trojan code has been found to be part of a library that is embedded in the application. Usually these libraries are added in as part of a partnership deal with an advertising provider.

Relaterede: Cerberus Android Trojan Is The Newest Mobile Malware For Rent

The analysis of the Necro Trojan shows that the mobile versions found within the contaminated CamScanner Android app will run this malware when the application is installed on the mobile device. However the Necro Trojan does not appear to be running any of the common actions that are expected of it such as data theft. The made analysis shows that the main action that is run is the downloading of other components, showing that a complex infection campaign is orchestrated. As a consequence the hackers that are in control of the Necro Trojan can induce all kinds of actions as they please:

  • Information Gathering — The criminals can search for valuable information on the infected device’s memory. This can be used to look out for passwords or even real-time looking for user input placed inside of banking services.
  • App Manipulation — The Trojan can be used to interact with the installed system and applications. This can result in changed settings, issues and unexpected errors.
  • Malware Levering — It can be used to deliver dangerous modules such as ransomware and cryptocurrency miners.

Due to the fact that the malicious package was identified live in the CamScanner app it has been taken down from the Google Play Store. We expect it to reappear with the Necro Trojan code removed and with a statement from the developers.


Martin Beltov

Martin dimitterede med en grad i Publishing fra Sofia Universitet. Som en cybersikkerhed entusiast han nyder at skrive om de nyeste trusler og mekanismer indbrud.

Flere indlæg - Websted

Følg mig:
TwitterGoogle Plus

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...