CamScanner recently had to leave the Play Store after security researchers found that it distributed malware between June and July this year. Today, its developer released a statement saying that it fell victim to an advertisement SDK provided by AdHub that loaded the malicious module into its product. It has since cut ties with the network and removed the malware.
The firm pinpoints the introduction of malware to CamScanner 5.11.7, though we found that versions ranging from 5.11.3 to 5.12.0 were also unsafe – see our previous coverage for a more detailed breakdown. Luckily, no user data seems to have leaked. The malware only focused on click fraud, generating unauthorized advertising income. The company has since taken legal action against the ad network that injected the malicious code into the app.
I fear that CamScanner's introduction of aggressive advertisements back in April might have correlated with the malware – it seems that its new advertisement partner didn't have the best in mind for it.
If you want to give CamScanner sans rogue ad network another chance, you can download the latest safe version over at APK Mirror. It was uploaded by the developer itself – we've double-checked that it's free of malware. If you'd rather wait for a re-release in the Play Store, you might not be out of luck, either. CamScanner tells us that it's "communicating with Google positively."
You can read CamScanner's full statement below:
Dear CamScanner Android Users，
Our CamScanner Team has recently detected that the advertisement SDK provided by a third-party named AdHub, integrated in Android Version 5.11.7, has been reported for containing a malicious module that produces unauthorized advertising clicks.
Injection of any suspicious codes violates the CamScanner Security Policy! We will take immediate legal actions against Adhub! Fortunately, after rounds of security check, we have not found any evidence showing the module could cause any leak of document data.
We have removed all the ads SDKs not certified by Google Play and a new version would be released. Meanwhile, you may contact [email protected] for a direct upgrade or tap HERE to download the new version.
We would appreciate your patience and understanding.
Back in the Play Store
CamScanner has returned to the Play Store. It's safe to assume that Google thoroughly tested the app for malware before allowing it back in, so it should be good to install. You can get the latest version on APK Mirror as well.