Dangerous Trojan Horse Sneaks through Popular App

By EDD K. USMAN, SDN, Twitter @edd1819, Instagram @bluestar0910, Facebook: SDN — Science and Digital News

IF I have CamScanner app installed in my smartphone, I would have deleted already.

You should, too. No problem if like me you did not install it.

But maybe some friends have it on their phones because CamScanner, which creates PDF documents, have been downloaded more than 100 million times.

Cybercrimals have many ways of getting their “worms” into people’s devices and, mostly like, gain from this intrusion.

Or it may result into a damage reputation. Or a loss of money.

Unsuspecting owners of gadgets such as smartphones and others do not even have inkling a dangerous malware is already prowling inside their phone for some malicious purpose.

Or, like a Trojan Horse malware, trick a user that invariably, even indirectly, result in paying for something it was not asked for.

In relation with this, Kaspersky, the Russian global cybersecurity provider, has revealed that a dangerous Trojan Horse has been distributed through CamScanner, a popular app on Google Play Store. Kaspersky said it had received more than 100 million download.

What, then, is a Trojan Horse in the computing world?

“A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer.  Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source,” says Webopedia (https://www.webopedia.com/DidYouKnow/Internet/virus.asp).

Experts from Kaspersky have warned of a malicious version of the popular app use for the creation of PDF images. The app is distributed through Google Play, the official online store for apps running on the Android operating system.

They said the app had embedded mechanisms for use in downloading malware to the user’s device.

Subscribers of the app were made to subscribed to paid services which they did not subscribed to.

The bad news is that Google’s statistics, Kaspersky said, reported that the app already received over 100 million downloads.

On the other hand, the good news is the Google Play Store withdrew the app right away after a notification from Kaspersky of the malicious content. It was also indicated the app’s developer had nothing to do with the embedding of the malware.

While studying the compromised app, Kaspersky researchers discovered a malicious “dropper” – a shell that brings a malware – that was there to introduce a malicious downloader on the user’s device.

Kaspersky new 2

This downloader was then used to download malicious files onto the user’s smartphone. The functionality of these malicious files varied depending on the intentions of the malware developers, but the samples analyzed by Kaspersky researchers displayed intrusive ads and signed the user up for paid subscriptions.

Shortly after removal from Google Play, the developer of the app published a statement — (https://twitter.com/CamScanner/status/1166733219841986561) stating that the incident happened due to third-party advertisement provider.

A Kaspersky executive expressed surprised at how the incident happened.

“It’s not often that we see an app with a loyal user base and such a large number of installations is distributing malicious components. Given the positive reviews on the Google Play app page and the fact that security researchers did not previously detect malicious activity, it looks like the malicious modules were added into the app with one of its updates.

“In a nutshell, this is yet another example of the fact that it is important for consumers to reliably protect your devices even if you use only official sources to download software,” said Igor Golovin, a security researcher at Kaspersky.

Kaspersky, as usual, has recommendations for netizens for them to be on the  safe side of cyberspace:

— Remembering that even the apps from official stores with a loyal user base can be modified and include malicious elements.

— Installing system and application updates as soon as they are available – they patch vulnerabilities and keep devices protected.

— Using a reliable security solution for Android and scanning your smartphone from time to time, to make sure it stays protected. (Full report on Securelist.com) — Kaspersky

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at http://www.kaspersky.com.

Don't be shy, comments are welcome! Thank you.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: