A number of apps have recently made their way into the Google Play Store with a little something extra: malware.
The malware, which has been dubbed “Joker,” is designed to sneakily sign users up for subscription services, ones that they might be charged for over the course of several months before they even realize that they’re subscribed.
Cybersecurity researcher Aleksejs Kuprins explained the issue in detail in a Medium post.
The malware appears to be targeting specific countries, including Australia, Austria, Belgium, Brazil, China, Cyprus, Egypt, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kuwait, Malaysia, Myanmar, Netherlands, Norway, Poland, Portugal, Qatar, Republic of Argentina, Serbia, Singapore, Slovenia, Spain, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom and the United States.
The majority of the apps in question targeted specifically European and Asian countries and required a user to be using a SIM card from those regions in order for the malware to execute. In total 24 different apps were infected with the malware. Those apps were installed roughly 472,000 times. Metadata suggests that the apps started their campaigns in June 2019, although some may have also existed in the past.
That said, Kuprins notes that Google seems to be on top of the issue. Google removed all of the impacted apps from the Google Play store without any contact from the security researchers.
If you did install any of the apps on this list, now’s the time to uninstall them. You’ll also want to pay attention to your credit card statements to make sure you haven’t been signed up for anything without your knowledge.
This is the second time in recent weeks that malware was discovered in popular Android apps. In late August, Kaspersky found that a scanning app called CamScanner contained malware as well.
Kuprins also suggests paying attention to what permissions apps ask for when you install them on your phone. Presumably, some of these apps made it clear that they were accessing some parts of your phone that they shouldn’t have needed access to. Whenever you see something like that in an app, especially a little-known Android app, it’s a good idea to exercise caution, and potentially not install the app in the first place.