Popular document-scanning app CamScanner had over 100M downloads on the Play Store before it was removed by Google last week. This decision was taken after security firm Kaspersky discovered malicious code in updates for the app made between June and July.
More specifically, Trojan Dropper code was found in the application's resources; this extracts and runs malicious code present in the APK. The malware consequently "dropped" in the device is known as Trojan Downloader, which, as the name suggests, downloads even more malicious modules. At the time, CamScanner blamed third-part SDK provider AdHub, also noting its intentions of pursuing "immediate legal actions" against it.
The team behind the app has also announced rewards for users that will prove their loyalty by downloading the latest version, though it's not exactly clear what these are as of now. CamScanner also clarified - in response to some users' reservations - that there had been no selling of user data involved, and it was simply a matter of trusting the wrong SDK provider. For now, all advertising SDKs have temporarily been removed.
Others have also reported that Play Store is still showing the "harmful app detected" warning after the app has been installed, though CamScanner insists that this is due to old cookies. In either case, it is advised that you proceed with caution in case you do plan on reinstalling the application. The latest version, 5.12.5, is available for download from the Play Store here.