Avast is a security firm that focuses on mobile and personal computing security systems. The company though has found a new threat that is lurking within the Google Play store. Avast was initially notified of the threat on a comment, within a thread on the Avast forum. At first the company didn’t think too much about the threat itself, thinking that it could be easily stopped, or would target a small audience. However, when Avast looked into the matter, they found that the apps involved were actually highly trafficked and downloaded apps.

The apps that were impacted by this malware or adware were actually an IQ test game, a card game, and a Russian history trivia app. While those topics might seem mundane, the individuals who installed the malware were actually quite clever according to Avast. What they found was that the ads wouldn’t immediately show up, but rather it would take up to a month for the ads to begin showing. This was the point at which the app would then begin collecting data. It was found that the card game had between 5 and 10 million downloads, something that really concerned Avast, and even had 43,000 reviews on the Google Play.

The somewhat confusing thing about the adware that is prominent on these apps it the fact that, like most adware, the ultimate goal is being redirected to different sites, applications, or prompted to feed other personal information into otherwise unnecessary avenues – the apps are also prompting users to download entirely legitimate security apps. Filip Chytry, the author of a Avast blog post, who detailed the problems said, “These security apps are, of course, harmless, but would security providers really want to promote their apps via adware? Even if you install the security apps, the undesirable ads popping up on your phone don’t stop. This kind of threat can be considered good social engineering.”

The problem ultimately with these apps is that the ads will pop up on their devices right when they unlock their screen. Once the phone is unlocked users will be getting bombarded with fake requests to download things, or do things that they otherwise should not be doing.