Android app CamScanner is installing silently the Necro Trojan on victim devices


It has came to notice that one of the most popular Android apps called CamScanner is installing silently the Necro Trojan on victim devices, according to a new security report. It is very possible that the developers have not done it intentionally as the malicious code is probably masking itself as an advertising package.

Android CamScanner App Found To Silently Deploy The Necro Trojan

One of the most popular apps for the Android OS has been found to carry a very dangerous Trojan threat within itself. The application is called CamScanner and its main purpose is to easily convert images to PDF files. A security analysis of this app has uncovered that in some of its versions, it also deploys the Necro Trojan. The specialist speculate that this isn’t intentional by the developers, but they were fooled into integrating an advertising module into their app. The Trojan code has been found to be part of a library that is embedded in the application. Usually these libraries are added in as part of a partnership deal with an advertising provider.

The analysis of the Necro Trojan shows that the mobile versions found within the contaminated CamScanner Android app will run this malware when the application is installed on the mobile device. However the Necro Trojan does not appear to be running any of the common actions that are expected of it such as data theft. The made analysis shows that the main action that is run is the downloading of other components, showing that a complex infection campaign is orchestrated. As a consequence the hackers that are in control of the Necro Trojan can induce all kinds of actions as they please as listed below:

  • Delivering Malware — It can be used to deliver dangerous modules such as malware,  ransomware and cryptocurrency miners.
  • Existing App Manipulation — The Trojan can be used to indulge with the pre-installed applications. This can result in changed System settings, issues and unexpected errors.
  • Information Gathering — The criminals can search for valuable information on the infected device’s memory. This can be used to look out for passwords or even real-time looking for user inputs for banking or other financial services.

Based on the fact that the malicious package was identified live in some of the versions of the CamScanner Android app, it has been taken down from the Google Play Store. We expect it to reappear with the Necro Trojan code removed and with a statement from the developers.


#AndroidSecurity #AndroidTrojan #CamScanner #CyberNews #MalwareAttack #NecroTrojan #TheWiseTech #TrojanThreat #WiseTechLabs

What other's say