You never know when you install an app what it eventually could drag into your phone. For example, an app in the Google Play Store called CamScanner – Phone PDF was actually a legitimate listing when it first launched. The app was used to scan documents and manage their digital likeness on a phone. But according to security research firm Kaspersky (via Tom's Guide) "However, at some point, that changed, and recent versions of the app shipped with an advertising library containing a malicious module." The researchers involved in investigating the app say that it is possible that the developer didn't even know about it.
The problem here is that this backdoor became part of the app and can launch payload from malicious servers. The report says "As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions." And since the app had been installed over 100 million times, this is a very serious matter indeed.
This malicious app has been installed 100 million times from the Google Play Store
But our early warning system worked again. As Kaspersky notes, "negative user reviews that have been left over the past month have indicated the presence of unwanted features." This is something that Android users, in particular, should do before installing an app from a developer that they are not familiar with. The odds are that you will not be the first user to install a malicious app, so check the most recent reviews; check the most recent reviews and one more time for the West Coast-check the most recent reviews. That is where you will find complaints and comments about odd experiences with an app. These are flashing red warning signs.
If you have the app on your phone, uninstall it immediately. Ironically, it appears that the backdoor had been removed from the app before Google removed the app from the Play Store. Meanwhile, another version of the app called CamScanner HD-Scanner, Fax remains in the Google Play Store and is apparently clean. It has been installed over 1 million times although at this point we'd suggest uninstalling it too. Why take a chance?
Back in February, Google said that it is blocking more malware from getting listed in the Google Play Store. But in this specific situation, the app appeared to be fine and without any issue for some time. Meanwhile, Google Play Protect is supposed to scan apps before and after you install them in an attempt to keep malware off your Android device. Google says that it scans 50 billion apps a day.
Some of the most recent malware-laden apps are nearly impossible to uninstall because the icons disappear after the app is installed. Many of them show ads in the background creating a huge payday for the bad actors. Some will send texts via paid platforms and the phone's owner won't notice anything until he or she is charged for the premium texts. To protect yourself from malicious apps, Google suggests that you refrain from sideloading apps and make sure that you stick to installing all apps "from trusted sources like the Google Play Store." Surely you see the problem with that comment. Still, we have no idea how worse this problem would be without Google Play Protect.
In the meantime, what are you going to do before installing an app from a developer you never heard of? Check the most recent reviews!