Lotus Reader
tabjsina
6 years ago
0
4
In reply toCamScanner, a malicious Android app with more than 100M downloads in Google Playby GordonS
May 22, 2019: 5.10.6.20190522 – safe

June 6, 2019: 5.11.0.20190611 – safe

June 14, 2019: 5.11.3.20190614 – safe

June 16, 2019: 5.11.3.20190616 – unsafe

June 24, 2019: 5.11.5.20190624 – unsafe

July 10, 2019: 5.11.7.20190710 – unsafe

July 23, 2019: 5.12.0.20190723 – unsafe

July 25, 2019: 5.12.0.20190725 – unsafe

July 30, 2019: 5.12.0.20190730 – safe

August 8, 2019: 5.12.3.20190809 – safe

August 14, 2019: 5.12.3.20190814 – safe

August 16, 2019: 5.12.5.20190816 – safe

August 20, 2019: 5.12.5.20190820 – safe

Source: https://www.reddit.com/r/Android/comments/cwk0y4/camscanner_...

asveikau6 years ago
Any speculation why they would only leave in the malicious code for about a month? Changed their mind? Done without full knowledge? Achieved some high value heist and rolled it back?
jeroenhdasveikau6 years ago
An update to an ad library is what caused the malicious code in the first place. Presumably either the infected library was updated again or the developers switched libraries.

The developers behind this app did not add any malicious code they wrote themselves. The attack either came from the ad library or the ad library was hacked.

asveikaujeroenhd6 years ago
If it's the case that it was accidental I feel bad that the app was pulled rather than only vulnerable versions forced off. Although I suppose it would be hard to find assurances that it won't happen again.
btrettel6 years ago
I don't think that list is accurate. I installed CamScanner on Aug. 23, got a text about apparently being signed up for a $5/month service called GameZone at about 4:30 am on Aug. 24, and factory reset my phone the afternoon of Aug. 24 after an investigation. CamScanner was the only app I installed recently, and I saw other discussion connecting GameZone to the app. I'd say CamScanner was responsible with about 90% confidence.

In addition to factory resetting my phone, I've changed account passwords for all accounts I used on my phone, rotated every entry in my TOTP app, and logged out of all other active sessions on quite a few different services.