CamScanner, a popular application that allows users to scan images of documents and save them as PDF files, said in a statement that they will take AdHub to court after the third-party advertising network was found to have inserted malicious codes in CamScanner app that led to the decision of Google to remove the app from the Play Store.
In a statement released by a Chinese company called CC Intelligence Corporation, which owns the CamScanner app, they are pursuing legal action “immediately” against AdHub for violating its security policy. The company also confirmed that a dropper code had been inserted by the third-party ad network in the app that allows the device to download more malware.
“Injection of any suspicious codes violates the CamScanner Security Policy! We will take immediate legal actions against AdHub!” reads the company’s statement addressed to their customers.
Early last week, CamScanner has been removed from the Google Play Store after Kaspersky lab cybersecurity researchers, Igor Golovin and Anton Kivva, reported to google that they have found a malicious dropper code in CamScanner that allowed the app to facilitate the download of malware to the infected device.
“After analyzing the app, we saw an advertising library in it that contains a malicious dropper component,” the report penned by the researchers read. “Kaspersky solutions detect this malicious component as Trojan-Dropper.AndroidOS.Necro.n.”
The researchers flagged the dropper could because “carry out the main task of the malware: to download and launch a payload from malicious servers.” Because of this dropper, the researchers said that whoever owns the module could exploit an infected device to their benefit “in any way they see fit.” The researchers said that the module could be used to show victim intrusive advertising, and worse, to steal money from their mobile account by charging paid subscriptions.
After thorough investigation, the researchers were able to link the malicious dropper to a rogue advertising network, AdHub, a third-party ad software development kit.
CamScanner, which, according to Google, had a total download of more than 100 million, acknowledged the discovery made by the researchers and said that the SDK found in their app was traced back to AdHub.
It was also confirmed by the company that AdHub injected malicious malware in the app in order for them to generate fraudulent ad clicks. Nonetheless, the company confirmed that their investigation revealed that there is no evidence that any data has not been compromised by the unauthorized malware inserted by AdHub.
“Our CamScanner Team has recently detected that the advertisement SDK provided by a third-party named AdHub, integrated with Android Version 5.11.7, has been reported for containing a malicious module that produces unauthorized advertising clicks,” said the statement from CamScanner.
“Fortunately, after rounds of security check, we have not found any evidence showing the module could cause any leak of document data,” they added.
It is also important to note that the malicious module inserted by AdHub in CamScanner was only found in the Android version of the app. It is probably because of the stringent vetting process practiced by the Apple App Store.
After the statement condemning the unauthorized “injection of suspicious codes” by AdHub, CamScanner said that they have already removed all the ads SDKs from the said ad network. They also promised that ads from other SDKs that are not certified by Google Play were also removed.
In its latest update, CamScanner also said that they will remove all advertising SDKs including Google and Facebook official SDKs from the app in the coming update.
Furthermore, a new update has also been released to fix the vulnerability exploited by AdHub to insert the malicious module in CamScanner. “We have removed all the ads SDKs not certified by Google Play, and a new version would be released,” the company said.
As of writing, the free Android version of CamScanner is still not available on Google Play, but a licensed version can now be downloaded.