Do you use the PDF Creator App called CamScanner? If you do, you've got plenty of company. Since the app was first published in 2010, it has been downloaded more than a hundred million times.
Unfortunately, Google recently pulled it from the Play store when they discovered that it began delivering malware to user devices.
For much of the app's life, its creators, Shanghai-based CC Intelligence, have relied on ads and in-app purchases to generate revenue from the app. That shifted in recent months, and Kaspersky Lab discovered that recent versions of the app introduced a new library that contained a Trojan designed to deliver malware to Android devices.
According to a spokesperson at Kaspersky, the "malicious code may show intrusive ads and sign users up for paid subscriptions." Granted, this isn't as bad as it could be, because intrusive ads are more of an annoyance than a genuine threat. However, the issue of unwanted paid subscriptions is a bit more worrisome.
Even so, based on their investigation into the matter, Kaspersky concluded that it was probable that this is simply a case of the developer accidentally using a malicious ad library. It seems unlikely that they'd run the risk of ruining a reputation that's been nearly a decade in the making. This conclusion is underscored by the fact that the developers have removed the offending library from the most recent build of their app.
Unfortunately, this kind of thing is all too common. There are a disturbing number of instances where legitimate apps have been found to be using poisoned libraries, so in that regard, CamScanner is as much a victim as the users who wound up with paid subscriptions.
Even so, kudos to Kaspersky, Google and CC Intelligence for swift, decisive action. If you use the app and have been noticing intrusive ads, be sure to upgrade to the latest version as soon as possible.