Advertising is to be expected when using a mobile device. But a recently detected Android adware takes advertising to a whole new level by setting up other programs with advertisements in an unwanted and malicious way. It even steals confidential information from the victim.

Discovered by “Dr. Web,” a group of Russian anti-virus specialists, Android.Spy.510 is distributed by cybercriminals as a modified and initially nonthreatening AnonyPlayer media application. It installs an unwanted program module on Android smartphones and tablets, which will then display advertisements on top of launched programs. Victims are not aware of the threat it poses because it has legitimate functions and is operational, according to the specialists.

The threat of Android.Spy.510 is that when it is installed and launched, it gathers and sends confidential data to a command and control server. Some of this data includes the user’s login and password for Google Play, mobile device model, SDK version of the operating system, and availability of root access on the device.

(Related: Facebook wants its developers using Android)

Android.Spy.510 also tries to install a hidden program package with malicious features. It will show a text message offering the victim the chance to install AnonyService, which assures them confidential information protection.

This is really a trap though because the victim is actually installing the advertising module named Adware.AnonyPlayer.1.origin, which takes several days to start malicious activity, so the victim isn’t aware that anything is wrong with the installation. By that time, it will start displaying advertisements over programs, which may confuse and alarm users as to their source.

Dr. Web recommended Android users to only download from reliable sources, or else programs will be able to access their confidential information. The specialists also added Android.Spy.510 and Adware.AnonyPlayer.1.origin to their database, and they have “curing recommendations” on how to get rid of the virus.