A hit Android app used to ‘scan’ documents has been found to contain malware which could allow cybercriminals to spy on users.
The app, CamScanner, has been downloaded more than 100 million times, cybersecurity specialists Kaspersky Labs warned.
The app itself is legitimate (and was available through Google’s official Play store), but malicious code written by another company was found in a part of the app used to serve ads.
The code allowed cybercriminals to install their own malicious apps on infected devices.
It could have been used to spy on users, or serve up dodgy or unpleasant apps, Kaspersky Labs warned.
Kaspersky said, ‘For example, an app with this malicious code may show intrusive ads and sign users up for paid subscriptions.
‘Some users of the CamScanner app have already spotted suspicious behavior and left reviews on the app’s Google Play page with warnings to avoid the app.
‘Kaspersky researchers examined a recent version of the app and found the malicious module there. We reported our findings to Google, and the app was promptly removed from Google Play.’
‘It looks like app developers got rid of the malicious code with the latest update of CamScanner. Keep in mind, though, that versions of the app vary for different devices, and some of them may still contain malicious code.’