Kaspersky experts warn about a malicious version of a popular app for the creation of PDF images, which was distributed through the Google Play, the official store for Android based applications. The app contained mechanisms for downloading malware to the users’ devices. As a result, victims could find themselves subscribed to paid services which they did not request. According to the platform’s statistics, the app has been installed more than 100 million times. Google Play Store has immediately withdrawn the app following Kaspersky’s notification of the malicious content.

A dangerous Trojan has been distributed through a popular app on the official app store because of a malicious advertisement program 1

 While researching the compromised app, Kaspersky researchers discovered a malicious ‘dropper’ – a shell that brings a malware – that was there to introduce a malicious downloader on the user’s device. This downloader, was then used to download malicious files onto the user’s smartphone. The functionality of these malicious files varied depending on the intentions of the malware developers, but the samples analyzed by Kaspersky researchers displayed intrusive ads and signed the user up for paid subscriptions.

Shortly after removal from Google Play, the developer of the app published a statement (https://twitter.com/CamScanner/status/1166733219841986561) stating that the incident happened due to third-party advertisement provider.

 “It’s not often that we see an app with a loyal user base and such a large number of installations is distributing malicious components. Given the positive reviews on the Google Play app page and the fact that security researchers did not previously detect malicious activity, it looks like the malicious modules were added into the app with one of its updates. In a nutshell, this is yet another example of the fact that it is important for consumers to reliably protect your devices even if you use only official sources to download software”, said Igor Golovin, a security researcher at Kaspersky.

To stay safe, Kaspersky recommends:

  • Remembering that even the apps from official stores with a loyal user base can be modified and include malicious elements
  •   Installing system and application updates as soon as they are available – they patch vulnerabilities and keep devices protected
  •   Using use a reliable security solution for Android and scanning your smartphone from time to time, to make sure it stays protected 

Read the full report on Securelist.com

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com