CamScanner has been downloaded over 100 million times and has 1.8 million, largely positive, reviews. Kaspersky says it investigated the app after a recent batch of negative reviews. They discovered the app contained a module known as Trojan-Dropper.AndroidOS.Necro.n:
"The above-described Trojan-Dropper.AndroidOS.Necro.n functions carry out the main task of the malware: to download and launch a payload from malicious servers. As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions."
Google pulled CamScanner from the Google Play Store, and recent updates to CamScanner have removed the malicious module.
ZDNet reports the module may have been added accidentally, perhaps after a deal with an unscrupulous advertiser. The big lesson here is that even popular Google Play Store apps can't be 100% trusted:
"What we can learn from this story is that any app — even one from an official store, even one with a good reputation, and even one with millions of positive reviews and a big, loyal user base — can turn into malware overnight. Every app is just one update away from a major change," Kaspersky researchers said.