The malicious code was delivered via an ad library. The trojan resulted in "intrusive ads" and signed users up for paid subscriptions. It was also designed to connect to the user's server and download additional code. According to Kaspersky, recent updates to the CamScanner app have apparently removed the malware.

As ZDNet points out, CamScanner has 1.8 million, mostly positive reviews, on Google Play. Kaspersky began investigating the app after a batch of negative reviews appeared. The incident is a reminder that even popular, longstanding apps are not safe from malware attacks.