Google has banned four more Android apps as the internet giant has warned millions of people to delete them now to prevent the theft of personal data.
Security experts at Malwarebytes discovered the dangerous software listed on the Google Play store, which was loaded with malware that directed unsuspecting users to phishing websites.
Once there, the users' data could be stolen.
The four apps have now been removed from the Google Play store, but those users who downloaded them before they were delisted are being urged to delete them from their Android device as soon as possibe.
The offending apps were all released by a developer called the "Mobile apps Group", the Express reports.
At the time of writing, the company's website was not accessible.
The most popular app released by the developer on the Play Store was called Bluetooth Auto Connect.
The app had released back in October 2020 and was downloaded over a million times.
The other dodgy apps were called Bluetooth App Sender, Mobile transfer: smart switch and Driver: Bluetooth, Wi-Fi, USB.
One way the apps had managed to get past Android security systems was by delaying its deployment of malicious behaviour.
The first few days after installing these apps were typically smooth sailing, with any untoward behaviour typically starting later.
At this point, spam phishing websites would begin to appear on a victim's device.
While initially it could seem that these websites weren't too much to be worried about, the pages got more insidious as time went on.
According to Malwarebytes, the malicious app begins opening phishing sites in Chrome.
The content of this would vary. While some were harmless sites used simply to produce pay-per-click.
Others were more dangerous phishing sites which attempted to trick unsuspecting users.
One such site included adult content which would lead to a phishing page telling the user they've been infected, or needed to perform an update.
"The Chrome tabs are opened in the background even while the mobile device is locked. When the user unlocks their device, Chrome opens with the latest site.
"A new tab opens with a new site frequently, and as a result, unlocking your phone after several hours means closing multiple tabs. The users browser history will also be a long list of nasty phishing sites," Malwarebytes said.
Although the apps no longer appeared on the Google Play Store, those who had already downloaded them would need to delete them to keep their Android device safe.