Millions of people use their smartphones to play games like Candy Crush, get the headlines from the New York Times, and use social media sites like Facebook and Twitter. But this week new research revelaed that thousands of apps for Android phones may be infected with malicious adware that is virtually impossible to remove.

The mobile security company Lookout this week said that their research has identified about 20,000 rogue apps, according to PC World. The apps identified by the firm include many that are among the most widely downloaded by smartphone users.

The apps appear identical to and are functional copies of popular Android apps, but they carry malicious code that integrates itself into the user’s phone. Unlike most malware, the apps “root” into the devices, gaining administrative access and thus making it almost impossible for users to remove them.

Once the rogue code is installed, the apps incessantly display advertising on the devices. The Lookout research found that users with infected devices are primarily found in the U.S., Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia.

In addition, users were typically only infected from apps purchased through third-party app retailers, so users who stick with Google Play for their downloads are not at risk. Some users prefer third-part sellers, who may not have the same restrictions as Google Play, which disallows certain types of apps, such as gambling and porn-related apps.

The lookout researchers say that hackers likely are automating the process of taking legitimate apps from Google play, infecting them, and then uploading them to third-part vendors’ sites. They identified three potentially related families of apps that can automatically root devices.

The researchers say they expect hackers to develop even more sophisticated malicious apps that may be able to access phones system directories and elude detection.