The latest Necro Trojan variant may have infected millions of Android device owners

Experts from Kaspersky Lab observed the activity of malware known as Necro, which infected well-known apps on the Google Play store as well as apps from unofficial sources.

Necro is an Android downloader that can download and execute different malicious modules on the target device. Infections have been found in Ecuador, Mexico, Vietnam, Brazil, and Russia.


Malicious code was recently found in the CamScanner mobile app by Kaspersky Lab researchers. Over 100 million Android users have downloaded the app from Google Play.

It was discovered that the most recent versions of CamScanner included a malicious module in an advertising library. Kaspersky Lab solutions detect the harmful component found in CamScanner as Trojan-Dropper.AndroidOS.Necro.n.

The primary function of Trojan-Dropper.AndroidOS.Necro.n is to download and execute a payload from malicious servers. As a result, the module owners can profit from an infected smartphone in any way they see fit, from displaying annoying advertisements to signing the user up for paid subscriptions and taking money from their cell account.

{
  "hs": {
    "server": "https://abc.abcdserver[.]com:8888",
    "default": "https://bcd.abcdserver[.]com:9240",
    "dataevent": "http://cba.abcdserver[.]com:8888",
    "PluginServer": "https://bcd.abcdserver[.]com:9240"
  },
….
}
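As an added example (not code from the original article or from Kaspersky Lab), the endpoints in the configuration above can be turned into network indicators and matched against proxy logs. The log line format, client addresses and sample lines are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# The "hs" block as printed in the article (defanged); the elided rest is left out.
HS_CONFIG = """{"hs": {
  "server": "https://abc.abcdserver[.]com:8888",
  "default": "https://bcd.abcdserver[.]com:9240",
  "dataevent": "http://cba.abcdserver[.]com:8888",
  "PluginServer": "https://bcd.abcdserver[.]com:9240"
}}"""

def indicators_from_config(raw):
    """Return {host: {port: [config keys]}} for every endpoint in "hs"."""
    indicators = {}
    for role, url in json.loads(raw)["hs"].items():
        parts = urlsplit(url.replace("[.]", "."))  # refang before parsing
        ports = indicators.setdefault(parts.hostname, {})
        ports.setdefault(parts.port, []).append(role)
    return indicators

def match_proxy_log(lines, indicators):
    """Return (client, host, port, roles) per hit; roles == [] means the host
    is listed but the port is not in the config.
    Assumed line format: '<timestamp> <client-ip> <method> <host>:<port>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.lower().rstrip(".")  # normalise case and trailing dot
        if port.isdigit() and host in indicators:
            hits.append((fields[1], host, int(port),
                         indicators[host].get(int(port), [])))
    return hits

# Constructed proxy log lines, not real traffic.
SAMPLE_LOG = [
    "2024-01-01T10:01:02Z 10.0.0.15 CONNECT bcd.abcdserver.com:9240",
    "2024-01-01T10:01:05Z 10.0.0.15 CONNECT updates.example.org:443",
    "2024-01-01T10:02:11Z 10.0.0.22 GET CBA.ABCDSERVER.COM.:8888",
    "2024-01-01T10:03:00Z 10.0.0.30 CONNECT abc.abcdserver.com:443",
]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_LOG, indicators_from_config(HS_CONFIG)):
        print(hit)
```

A hit with an empty role list still deserves a look, since the host is in the configuration even though the port is not.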

The code that executes after is as follows:

Any program, regardless of its reputation, authorized store, or other attributes, has the potential to become a source of infection at some point.

The harmful code appears to have been removed by the CamScanner developers in the most recent app update. Remember, however, that various devices can have different versions of the app, and some might still have malware on them.

This case stands out because official app stores like Google Play are typically regarded as secure, safe places for software downloads. Unfortunately, nothing is completely secure.
