The plugin does not come with malware. If you doubt this, you can download a fresh copy of the plugin from the WordPress plugin directory and compare it with the copy installed on your server. Do not trust plugins distributed by anyone other than the developer themselves or from the WordPress plugin directory. Also, feel free to contact me directly: http://matchboxcreative.com
It's very possible that your site has been hacked. This guide outlines the steps you should take if you think you've been hacked: https://codex.wordpress.org/FAQ_My_site_was_hacked