Security researchers have discovered a number of Android apps in the Google Play Store that have the ability to install plugins that can intercept SMS messages sent and received on the device.

Security firm SophosLabs reported finding two apps in Google’s official marketplace for apps that can steal text messages. The apps, from a developer named New.App, have been available for several months and have been downloaded upwards of half a million times.

The threat, which has been labeled as Andr/SpyAgnt-X by Sophos, was found in one app that billed itself as a shortcut to the top downloads on the Google Play Store. Another app presented itself as an information app called “Skin Care Magazine.”

According to Sophos, once one of the apps has been installed on a user’s device, it will launch a process to download a plugin called abs.plugin.as.jar. Both apps attempt to retrieve the add-on from the same domain.

Once the malicious payload is downloaded from the remote site, it will check the version of Android running on the device. If it is between 4.2 and 4.4—more than a quarter of Android users still run one of these versions of the operating system—then the app will request permission to access SMS messages.

If the plugin is granted the permission it requests, it can read all messages in the user’s SMS inbox. It also has the ability to send messages from the account and communicate with the remote website operated by the malicious actor.

Both apps—Skin Care Magazine and App Play Store—from the developer New.App continue to be available in the Google Play Store. Sophos said it reported the apps to Google but they have yet to be removed.

Skin Care Magazine, which has three reviews and a 3.7 star rating, has just 100-500 downloads according to the Play Store. App Play Store has upwards of 500,000 installations and has received nearly 3,000 reviews with a 4.3 star rating.

The apps discovered by Sophos are far from the first apps discovered in the Google Play Store that hide a more malicious intention. Earlier this week, Google announced it discovered and blocked a new family of malware in apps within the Google Play Store.

The malware, dubbed Lipizzan, could hijack a user’s email, SMS messages, location information, voice calls and local media, as well as snap screenshots of the user’s device and hijack the camera to take pictures or record video.

Earlier this year, an adware attack known as Judy managed to infect 40 million phones through Google’s official marketplace and was used to generate income through malicious advertisements displayed on the device of victims.

In response to the discovery of malware attacking Android, Google has recommended users make use of Google Play Protect, a security suite for Android devices that scans apps and ensures their legitimacy.

Google has advised users to download apps exclusively from the Google Play Store rather than from third-party app stores—where malware is even more common—and to disable installations from unknown sources. The company also suggests keeping devices up to date with the most recent security fixes.