A security firm group CSIS has spotted a fake app on Google Play Store that was scamming Android users, more specifically Samsung phone users, in the name of firmware and security updates, The Indian Express reported.

The app, which has now been removed from the Play Store, would take users to ad-filled pages and charge them for software updates. The app required users to provide their credit card info rather than using Google Play subscriptions.

The details of the malware app “Updates for Samsung” was shared by Alex, the malware analyst at the CSIS Security Group on Medium.com. As per the report, the app was installed by over 10 million users.

The fake application claimed to provide users with free as well as paid Samsung firmware updates, the report said. However, Samsung doesn’t charge for any kind of firmware updates for its smartphones. All official Samsung updates are free of charge.

The report mentions that the app offered a free download with restricted speed limits of 56KBps, which took around four hours to finish a download more than 500MB in size. Also, the download would end up being timed out and fail.

It was used to push users a premium annual subscription worth US$34.99 to download the update with fast speeds. Apart from extorting money, the update reportedly showed ads on the main screen with an option to pay to remove ads.

The app also reportedly offered SIM card unlocking for any network operator, starting at US$19.99.

The analyst believes that the name of the app — Updates for Samsung — is responsible for such a large of users installing the fake app. Notably, the report says that the app doesn’t include any malicious code and it could be considered a tool used by crooks to trick people.