Popular PDF app CamScanner, available to download from the Google Play Store, has been inadvertently allowing crooks to install malware on victims' phones.
As The Register reports, researchers from Kaspersky discovered that the app contained a trojan that allowed malicious software to be run silently in the background. Igor Golovin and Anton Kivva say the trojan, known as Necro.n, was probably disguised as a legitimate advertising package, and CamScanner's developers were likely unaware of what was happening.
Necro.n doesn't actually contain any malicious software itself, but it provides a gateway for crooks to install whatever they like – whether that's software that shows ads for disreputable businesses, or apps that charge you money through illicit premium subscriptions.
Be on your guard
This discovery serves as a reminder that although Google strives to check apps in the Play Store for malicious code, it's not infallible.
In fact, it's been found that some Android phones even come with malware pre-installed. Phones can be sold with hundreds of apps installed, and only one needs to be compromised for attackers to gain access to your device.
"It looks like app developers got rid of the malicious code with the latest update of CamScanner," says Kaspersky. "Keep in mind, though, that versions of the app vary for different devices, and some of them may still contain malicious code."