Google has removed three apps from its Play Store which were infected with adware, but only after they were downloaded by millions of victims.
On Wednesday (4 February), Google removed popular card game Durak, which had been downloaded between 5 and 10 million times, as well as two Russian-language apps - an IQ test app, which has received between 1 and 5 million installs, and a Russian history app, which has been installed between 10,000 and 50,000 times.
The move come after security company Avast revealed on Tuesday that the apps had managed to bypass the security measures of Google's official app store.
According to Avast researcher Filip Chytry, the malicious apps try to hide their behaviour by not revealing their true nature for some time:
"When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps, which included an IQ test and a history app.
"This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colours."
Google removed the apps immediately after Avast reported them, but users who installed Durak have complained they notified the search giant about the issue last month, but nothing was done.
This video, posted to YouTube on 22 January, shows just how the malicious app affects your smartphone:
Every time you unlock your device an ad is presented to you, warning you about a problem on your device such as telling you that your device is infected, out of date or full of pornographic videos/images.
These messages are entirely fake but tell you to approve an action to correct the problem. If you do click OK, you get re-directed to fake pages including dubious app stores and apps that attempt to send premium SMS messages behind your back.
Chytry said that some victims were even redirected to legitimate apps:
"An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?"
"This kind of threat can be considered good social engineering. Most people won't be able to find the source of the problem and will face fake ads each time they unlock their device.
"I believe that most people will trust that there is a problem that can be solved with one of the apps advertised "solutions" and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources."