Dr. Web antivirus team has discovered a new batch of malicious Android apps on the Google Play Store that have been downloaded more than 10 million times by users.

The adware apps are modifications of existing families that first appeared on the Google Play Store in May 2022. After they are installed, the apps request permission to overlay windows over any app.

The malicious apps hide their icons from the app drawer or replace them with something like a core system extension such as a “SIM Toolkit.” The malicious apps can also hide their icons from the app drawer, so that they can continue to run in the background when the victim closes the app.

While Google has removed most of these malicious apps, some are still on the Google Play Store. Even after they have been removed after installation, users still need to manually uninstall them on their devices and then perform an AV scan to remove any leftovers.

To stay safe when using Google Play Store, it is important not to trust any app. Therefore, users are advised to check user reviews and ratings, visit the developer’s website, read the privacy policy, and pay attention to the permissions requested during installation.

Users are also advised to download only the apps they need and ensure that Play Protect is active on their devices.