At least eight apps on Google Play that have been downloaded on 6,00,000 to 2.6 million devices contain a new Android malware called Android.Sockbot, cyber security researchers Symantec said on Wednesday. A malware is specifically designed to disrupt, damage, or gain access to a computer system.

On Google Play, the apps claim to help users modify the look of the characters in the game, Minecraft: Pocket Edition. But in the background, it enables a well-disguised attack that connects the device to a command and control server. The server then directs the device to connect to other ad servers.

But, the apps cannot actually display any advertising, Symantec said. This means, the servers could have been directing the compromised devices to participate in a variety of malicious activities. And, the users wouldn’t know, as the apps did perform its function of allowing Minecraft players to change skins and characters.

“We notified Google Play of the presence of these malicious apps on October 6, and Google has confirmed these have been removed from the store.” Symantec said.

In a similar breach in August, Google Play had expelled at least three faux messaging apps it discovered were “capable of covertly taking photos, recording audio, retrieving call logs, and more.”