What users believed to be a useful Trojan on one Google Play app that was downloaded 100 million times turned out to be a real Trojan.

Researchers from Kaspersky Lab on Tuesday revealed how CamScanner, a Google Play app that was downloaded for 100 million times, executed secret payloads on users. The app charges the unsuspecting android users with paid subscriptions through a Trojan dropper.

How It Works

The Trojan dropper made its way to users’ devices through a CamScanner update that added an advertising library. The library turned out to be a malicious module that opened vulnerabilities.

The CamScanner update paved the way for the Trojan dropper to regularly acquire encrypted code from the developer-designated server at https://abc.abcdserver.com. The malicious module that Kaspersky Lab researchers called Trojan-Dropper.AndroidOS.Necro.n started executing decrypted codes on the devices where it was installed.

How It All Started

CamScanner has always been a useful scanning and managing documents app that it was downloaded 100 million times before the most recent update changed everything. The app previously used the traditional developers displaying ads and offering in-app purchases to gain profit.


The CamScanner Trojan-Dropper.AndroidOS.Necro.n puts the owners of the module at serious risk as it gives the developers unrestricted access. This means that the developers are free to download and execute whatever they want on the infected devices whenever they want to.

A statement from the Kaspersky Lab researchers revealed that the CamScanner Trojan dropper functions as a malware. It can go from a simple showing of disturbing ads to the risk of taking money from the user’s mobile account.

How To Keep Your Device Safe From The Trojan-Dropper

Sadly, there is no effective way of making sure that an app is safe. Cases as such are some of the major challenges that Android users are facing today.

Google has been vigilant in creating innovations to combat the presence of Android vulnerabilities. However, even Google scanners are unable to detect and expose everything.

As of the moment, the safest ways that the Kaspersky Lab researchers suggest is to read reviews that other users left. It also helps to uninstall apps that you aren’t using for some time and to be more cautious in giving permissions to apps that ask access to the microphone, camera, contacts, location and data.