McAfee has come across some suspicious applications hosted on Google Play.
The applications are distributed as hacking tools, utility tools and pornographic apps by different developers.
These apps seem to offer no functionality based on their titles, stating "increase Internet speed" and "phone hacking," for example.
Once installed by the victim, the apps appear to work at first, but they are all fake, using hard-coded or random valued codes to seem legitimate.
The apps also bundle several components that relentlessly show advertisements after the user closes the app.
According to McAfee's research, one of the ad modules has an online scanning function, which checks installed apps on the device without the user notification and aggressively displays a purchase screen.
There were also ad module attempts to download the alleged antimalware application Armor for Android from a remote server.
McAfee has advised that as always, users should never install unknown or untrusted software. This is especially true for illegal software, such as cracked applications. They are a favourite vector for malware infection.