A hugely popular Android app that takes high quality photographs of documents has been found to contain malware.
CamScanner has been downloaded more than 100 million times by Android users.
However, cyber-security researchers at Kaspersky say they found that a recent version contained malicious code in the part of the app that delivers ads.
The malware could have made it possible to show users intrusive ads or snoop on login credentials.
Kaspersky's researchers noted that CamScanner was a "legitimate" app, but think that the snippet of malicious code found in it was third-party code used to serve ads within apps.
A spokeswoman for Kaspersky told the BBC that researchers did not examine the iPhone version of CamScanner to see if it was also affected.
The free version of CamScanner for Android is currently not available on Google's Play Store in the UK.
CamScanner said it had released a new version of the app, with the malicious code removed.
I have CamScanner installed, what should I do?
If you have automatic updates enabled for your apps, which many people do, there is a chance you have a version of CamScanner containing malware on your device.
If in doubt, it is best to delete CamScanner and wait for a new version to be launched and tested by cyber-security researchers, said Matthew Hickey at security firm Hacker House.
Users may also use an anti-virus app to check for any malicious software that might have been installed.
"It is said the average consumer has around 40 applications on their phone they will use frequently, so ensure you regularly review any of those applications that you are not using," he told the BBC.
Mr Hickey also advised users who have mobile banking apps to be particularly cautious and use an anti-virus app that can regularly check for malicious code.
This was important because there had been a "sharp increase" recently in discoveries of malware infecting apps on the Google Play app store, he added.