Does anyone have information on affected and unaffected version numbers? I have a version of this installed, but it's an old one, and may not have updated to the malware one because I disabled automatic updates. (Specifically because I was afraid of this, in fact.)
I don't think that list is accurate. I installed CamScanner on Aug. 23, got a text about apparently being signed up for a $5/month service called GameZone at about 4:30 am on Aug. 24, and factory reset my phone the afternoon of Aug. 24 after an investigation. CamScanner was the only app I installed recently, and I saw other discussion connecting GameZone to the app. I'd say CamScanner was responsible with about 90% confidence.
In addition to factory resetting my phone, I've changed account passwords for all accounts I used on my phone, rotated every entry in my TOTP app, and logged out of all other active sessions on quite a few different services.
Any speculation why they would only leave in the malicious code for about a month? Changed their mind? Done without full knowledge? Achieved some high value heist and rolled it back?
An update to an ad library is what caused the malicious code in the first place. Presumably either the infected library was updated again or the developers switched libraries.
The developers behind this app did not add any malicious code they wrote themselves. The attack either came from the ad library or the ad library was hacked.
If it's the case that it was accidental, I feel bad that the app was pulled rather than only vulnerable versions forced off. Although I suppose it would be hard to find assurances that it won't happen again.
Yes. There's a Reddit thread with the version information. I'll see if I can find it later when I'm off work, but it made the front page, so you could probably search it out fairly easily.