CamScanner, a popular app used to scan PDF documents, was reportedly spreading malware. The app has been around since 2010, and it's been downloaded more than 100 million times. As the Russian antivirus firm Kaspersky discovered, the app recently began spreading malware on Android devices. Google has since pulled CamScanner from the Google Play Store.
The malicious code was delivered via an ad library. The trojan resulted in "intrusive ads" and signed users up for paid subscriptions. It was also designed to connect to the user's server and download additional code. According to Kaspersky, recent updates to the CamScanner app have apparently removed the malware.
As ZDNet points out, CamScanner has 1.8 million, mostly positive reviews, on Google Play. Kaspersky began investigating the app after a batch of negative reviews appeared. The incident is a reminder that even popular, longstanding apps are not safe from malware attacks.