Google is quite strict on letting the malicious apps on Google Play Store. The entry restrictions are preventing the new apps from getting listed on the Play Store to avoid any malicious apps. But the apps that are previously listed on the Play Store are now showing their real colors. According to Google, one of the most popular App with 100 Million + Downloads has started distributing the malware. CamScanner, one of the most popular OCR PDF maker app, was found in distributing malware to Android users. Google has taken action on the App and immediately removed it from the Google Play Store. Being one of the most popular Apps with 100 Million+ Downloads, this is one big blow to the developers and also the attackers.
Shanghai Based CC Intelligence published the App on Google Play Store. The primary revenue source of the developers was the in-app purchases and Ad content delivery for years since its listing. CC Intelligence listed the App on the Google Play store in 2010. But after the thorough investigation from Kaspersky, the recent versions of the App were found to have the new advertising library with Trojan designed to deliver the malware.
According to the report from Kaspersky, the malicious code and advertising library forced the users with ads and premium subscription popups. The intrusive ads can be tolerable, but the developer was trying to force the users to buy the premium subscriptions for third-party services. After the revelations from Kaspersky, Google immediately removed the CamScanner App from the Google Play Store. The App is available on third-party APK sites for Android and official Apple App Store for iOS users. CC Intelligence has not shared any formal statement at the time of writing this news, but the incident looks like accidental use of the malicious advertising library.