A PDF scanner downloaded by 100 million Android users contained malware

A very popular Android app called CamScanner, which lets you take photos of documents and turn them into PDFs, has been found to be housing malware. 

CamScanner has been downloaded more than 100 million times by Android users – which is pretty alarming. The malware wasn’t built-in as part of the app, but rather the third-party code used to deliver ads.

Related: Best photo editing apps

Igor Golovin and Anton Kivva of Kaspersky discovered the malware, becoming aware of the problem after noticing that the CamScanner app had been downloaded more than 100 million times, but also had a lot of negative reviews about unwanted content.

The advertising library within the CamScanner app contains the malicious component − a Trojan referred to as Necro.n. 

The pair believes the malware was included due to the app having a partnership with a nefarious advertiser. 

After the discovery was made, CamScanner was reported to Google. The app has now been removed from the Google Play Store.

Necro.n does not actually perform any malicious functions itself but – rather – provides a gateway for bad actors to install modules that could carry out a range of unwanted activities.vThe module could allow for intrusive advertising or the potential to steal money from the Google Play account of the affected device.

If you have the free version of the CamScanner app, you should delete it immediately.

An updated, clean version of the paid-for CamScanner app has reportedly now been released.

Related: Best free VPN

Trusted Reviews has contacted CamScanner for a comment. This article will be updated if we receive a response.

A concerning piece of malware was in the news last week too. On that occasion, the malware was disguised as popular VPN software NordVPN. The malware was a trojan that  was hidden amongst VPN downloads on a website created to look like it was NordVPN’s.