According to Eset, these eight apps lured "users into paying perpetual subscriptions, sharing their personal information, and consenting to the receipt of marketing messages or watching ads. Hiding their true functionality, most of the apps promised to increase the number of the victim's social network followers."
But when users tried to get more followers, they were met with a "verification" step that signed them up for offers that cost money or involved consent to receiving marketing messages, sometimes via premium SMS.
The process also requested personal information including name, email, address, telephone number, date of birth and gender.
The apps were downloaded more than a quarter of a million time before they were removed from the store after Eset notified Google of the problem. The apps had attracted many negative comments about their misleading and ineffective nature, but that wasn't enough to get them removed.
"The malicious apps might no longer pose a risk for Android users at the moment but it is still important to let people know how they worked – similar apps could appear at any time on the Google Play store and repeat the same tricks," said FitzGerald.
One of the standard pieces of advice for avoiding mobile malware is to stick to the official app stores, but that clearly isn't foolproof.
Other tips from Eset:
Prior to installing any app, check its ratings and reviews. Focus on the negative ones, as they often come from legitimate users while positive feedback may be crafted by the attackers.
Facing sensational offers, keep in mind the golden rule: "If it seems too good to be true, it probably is." If they offer you half a million followers for free, with a single click – or after completing a survey – they will probably not be able to deliver.
Think twice when entering your personal information, giving consent to something or ordering goods or services. Be sure absolutely sure about what you receive in exchange.
Invest a small amount of effort in getting to know who you are about to do business with.
Use a quality and reputable mobile security solution to protect your device.