Ten thousand users downloaded a malicious app from the Google Play store over the last three weeks before it was removed.
The Bad Pigs app was designed to look like a popular app called Bad Piggies.
It redirected users to unwanted ads, including one that links to a fake anti-virus scan that charges users $20 week for the service, F-Secure security adviser Sean Sullivan said.
The Finnish anti-virus also directed users to enter their phone number which could be used for future scams.
Bad Pigs could also gain numerous permissions on mobile devices, including creating desktop icons that link to ad sites, displaying ads in the Android notification bar, and creating bookmarks in the user's browser.
It could access users' browsing history, determine their location via GPS and access other account information, including email addresses.
The app author's page contained two other fake Android apps which were subsequently removed.
.JPG&w=100&c=1&s=0)
