The Google Play app Color Message, said to have been downloaded over 500,000 times, has been removed from the Play Store after it was linked to Joker malware.

Researchers from mobile security firm Pradeo have discovered malware hiding inside the Color Message app on the Google Play Store. More specifically, it hides Joker malware, which Pradeo says is extremely difficult to detect, thanks to the small digital footprint it leaves behind. It can also be difficult to remove, as it can hide its icon after it’s installed. According to Pradeo, Joker malware has been discovered in hundreds of apps over the past two years.

In Pradeo’s words, the Joker malware is a form of fleeceware, which can access users’ contact lists and send them to other parties over the network. It can also silently sign users up for paid services without their knowledge by intercepting SMS (Short Message Service) and simulating clicks.

The malware app uses a minimal amount of code to hide itself, making it difficult to detect once it is in place.