Less than a day after a report from RiskIQ Inc. found that app stores fail at providing protection to consumers, Google Play has justified its second-place spot on the most-dangerous list with the discovery of a massive new Android app malware outbreak.

It was first spotted by researchers at Check Point Software Technologies Ltd. Fifty apps listed on Google Play were discovered to be infected with what the security firm dubbed “ExpensiveWall,” a form of malware that sends fraudulent premium SMS messages and charges users’ accounts for fake services without their knowledge.

Not surprisingly, the apps infected with ExpensiveWall were all masquerading as legitimate apps that offered services including free wallpaper along with camera and video editing tools, although in one case an app “12 Pisces lite” (translated from the Thai ดวง 12 ราศี Lite) was offering horoscope predictions. It’s believed that ExpensiveWall infected apps were installed by 1 million to 4.2 million users.

In its initial infection stage, ExpensiveWall is focused on making the bad actors behind it money. But Check Point warned that “a similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control server. Since the malware is capable of operating silently, all of this illicit activity takes place without the victim’s knowledge, turning it into the ultimate spying tool.”

Google Inc. was informed Aug. 7 that the app store was offering users apps infected with malware. A spokesperson told Fortune that “we’ve removed these apps from Play and always appreciate the research community’s efforts to help keep the Android ecosystem safe.”

The fact that the Google Play store was gleefully distributing malware without Google’s knowledge, yet again, casts aspersions on Google marketing exercises such as “Google Play Protect,” a program that is meant to protect Android users from malicious apps.

Image: Etamme/Wikimedia Commons