The malicious software was disguised as BatteryBot Pro, a real app for tracking the power usage of your phone. The fake version of the app was reportedly able to send text messages on the user’s behalf and also blocked users from deleting it from their phones.

The internet security company Zscaler wrote about the app spoofing on its official blog, noting that the practice of “embedding malicious modules into” an existing app is common on the Android operating system—more common than the other method of malware development, which is to create a malicious app from scratch.

Google promptly yanked the bad apple app from its store once it became aware of the problem.

One helpful way to spot malicious app right away? Pay attention to the permissions it requires, which it lists in its app description before you download. As Zscaler wrote, “The legit BatteryBotPro app demanded for minimal permissions,” while, in contrast, “Upon installation of the malicious app, it demanded administrative access, which clearly portrays the motive of malware developer to obtain full control access of the victim’s device.”