Google has pulled an app called CamScanner from its Play store after finding that it had been injected with malware.
The app, which creates PDFs, had been downloaded over 100 million times prior to being removed from the Google Play store. Researchers at security firm Kaspersky said in a blog post that the app had been "shipping with an advertising library containing a malicious module.”
“Negative user reviews that have been left over the past month have indicated the presence of unwanted features,” the researchers said.
CamScanner -- which is described by the security researchers as "a legitimate app with no malicious intentions” -- has blamed a third-party advertising company for injecting the Android app with malware in order to generate illegitimate clicks.
The company said it plans to release an updated version of the app on the Google Play Store. The iOS version wasn’t affected.
"Injection of any suspicious codes violates the CamScanner Security Policy," CamScanner said in a statement. "We will take immediate legal actions against Adhub! Fortunately, after rounds of security check, we have not found any evidence showing the module could cause any leak of document data."