Up to 1.5 million Android users may have suffered a serious data breach after downloading malicious apps, according to Symantec.
The security giant identified three apps, all posing as pornographic wallpapers, that were available through Google Play for more than 30 days, despite pornography being banned from the store.
Once downloaded, the app steals the user's Googlemail address, GPS co-ordinates, handset IMEI number and network operator information.
This data is then transmitted by the app back to a remote command-and-control server.
Analysis run by Symantec showed all three apps were from the same developer and are all identified by the company as Android.Coolpaperleak.
The organisation also discovered the apps were not a modified version of a safe app, but were malicious from the beginning.
"The erotic and porn industries are the most browsed on the internet," said Lionel Payet, a Symantec threat intelligence officer.
"If you just combine the most downloaded type of apps (wallpapers) with the erotic and porn industries, you will have in your hands the perfect chemistry for a top download application in no time."
This new threat comes on the back of research by fellow security player Kaspersky Lab, which showed 99 per cent of mobile malware was targeted towards the Android operating system.
Two of the most prevalent malwares detected, Opfake and Fakeinst, were so-called premium SMS diallers, which send SMS messages from a user's phone to a premium rate service without their knowledge.
Similar SMS scam apps pretending to be official London 2012 gaming apps were also found to be targeting Android users in the summer.
Kaspersky claimed the reason Android devices were popular targets was not because of how widely used the operating system is.
"The core security issue...can be traced back to the lax security of the Google Play marketplace, especially in comparison to the Apple iOS App Store," the company said.
"Surely more of the same is in store for 2013," it added.
