More than two dozen apps containing malware have been found in the Google Play Store for Android devices.
The malware causes full-screen ads to pop up on your device at random times, and tracing the app responsible can be almost impossible.
- 'Agent Smith' might be in your phone
- Fake fingerprints can probably unlock your phone - researchers
- The cyber threats to watch out for in 2019
Most of the suspicious apps were "masquerading" as photo utility or fashion apps, and had been downloaded more than 2.1 million times, according to cybersecurity and software company Symantec.
"These 25 malicious hidden apps share a similar code structure and app content, leading Symantec to believe that the developers may be part of the same organisational group or, at the very least, are using the same source code base," software engineers May Ying Tee and Martin Zhang wrote in a blog post.
The company said it reported the apps to Google on September 2, and the apps have since been removed from the store.
However, because the apps contain software that makes them disappear off the home screen "users can easily forget they downloaded them", meaning finding the annoying apps can be tricky.
The company said that when first installed the app is visible and usable just like any other app. However, at some point a request is made in the background via a third-party service to download a remote configuration file.
"We intercepted the configuration file and spotted several different configurations including one that can toggle the app's icon-hiding behaviour, as well as other advertising-related settings," the company said.
Once the configuration file was downloaded it was extracted by the malware.
After the app's icon became hidden, the malware caused advertising to be displayed, showing up even when the app was not being used. Some of these ads were displayed full-screen and at random times, making it impossible for users to know which app was causing them to show up.
"Monetary gain from advertising revenue is likely the motivating factor behind these apps," Symantec said.
In order to protect their mobile devices from malware, users were urged to keep their software up to date, only install apps from trusted sources and pay attention to permissions requested by apps.
It's not the first time malicious apps have been found in the online store.
Earlier this year around 50 apps were found on Google Play containing malware. And just last month, tens of millions of Android users were urged to delete the 'CamScanner' app for similar reasons. The app was later updated to remove the suspicious software.
The full list of malicious apps
App name - Developer
Octopus - Kulomylong
Auto Blur Photo - Burnerfock
Blur Image Pro - Fisher Dev
Picture Photo - Kennith Ortiz
Face Feature - Fater Dev
Fashion Hairstyles Pic Editor - Goveroy Dev
Image Blur Editor Free - Setperal
Bowhead - Kensendy
Photo Cut Pro - WWL Dev
Yasuo Art - Magicalla Studio
Fashion Hairstyles pic Editor 2019 - Digtal Dev
Latest Hairstyles Free - Lyynforture
Positive Photo Collage - Lyynforture
Cut Photo Editor - Superjunia
Blur Image Plus - Past Dev
Autocut Photo - OOI Dev
Cut Background - Richard Media Studio
Hairstyles Photo Editor Plus - FFmore Dev
Amazing Photo Cutout - Sistermopub
Photoloop - Sistermagci
Pop Color - Pumana Dev
Sky Camera Pro - HCamera Studio
Photo Background - Flydog Dev
Blur Image Plus - Past Dev
Photo Blur Background Maker 2019 - Goulmook Dev
Users are encouraged to regularly review the apps they have on their phone and delete those which they don't use.