Secure-D has blocked over 3 million suspicious mobile transactions originating from Android versions of CamScanner – the immensely popular document and photo scanning app.

Reported first by security software maker Kaspersky, Secure-D found that CamScanner has been delivering intrusive ads to more than half a million unique devices located in 9 countries. The aim of the ads is to fraudulently enroll users in paid subscription services.

The popular app, which allows users to create and share PDF documents from their mobile devices quickly, has generated over 100 million downloads in Google Play Store, and over 1.8 million reviews with an average rating of 4.6 out of 5​.


What Happened?

In just three months Secure-D blocked suspicious mobile transactions coming from devices in Brazil, Egypt, Indonesia and Malaysia, with some fraudulent mobile transaction activity detected in another five countries. If not blocked the cumulative cost to end-users would have equalled more than $400,000 in unwanted charges.

Suspicious activity from CamScanner stopped suddenly across all nine markets after Google was alerted to the existence of malware in the app, and pulled it from the Google Play Store.

Daily CamScanner activity as blocked by Secure-D:




Investigations have shown that the app had become infected with malware that would connect user devices to several different command and control servers after installation. The servers would then feed each compromised app instructions for attack.

Because CamScanner required numerous end-user permissions to function, cybercriminals could use it as a powerful attack vector, serving up fraudulent ads and enrolling users in unwanted paid subscription services – with potential for even more damaging misuse to occur.

The app is now listed on Secure-D index, the mobile malware information center for reporting suspicious Android applications detected and blocked by Secure-D. As fraudulent activity stopped once the compromise was made public; users can now search for suspicious activity related to CamScanner in previous periods.

What Should You Do?

Google Play Store is by far the safest place to find and install Android applications, but recent events have shown that it is not 100 per cent safe.

There are alternatives to CamScanner users could consider. However, its developers say they have removed the malware, and the app is available again on the Google Play Store. Anyone who had installed it before the most recent update should delete any out-of-date versions from their devices immediately.

As a general rule of thumb, users should check any app’s reviews, developer details, and list of requested permissions, before installation. Look carefully to make sure they all relate to the app’s stated purpose.