If all the different types of malware that find a way to sneak into the Google Play Store wasn’t enough, here’s another nasty surprise.

A new category of apps called “Fleeceware” has been unearthed on the app distribution platform; these apps were found to abuse the Play Store policies and grossly charge users hundreds of dollars for mundane services like calculators and QR code scanners.

The apps, while not outright malware, cumulatively racked up over 20 million installs.

Caught in the act by researchers at security firm Sophos, the app developers exploit the free trial period to charge customers anywhere between $100 to $240 at the end of their short trial.

Usually, the trial period is meant to entice users into trying an app‘s features without being billed. As per policies, Google lets developers set a free trial period of a minimum of three days.

Credit: Sophos The fleeceware apps still available on the Play Store

But it also mandates that users first cancel their trial and only then uninstall the app. While some developers interpret uninstallation as equivalent to cancellation, some others skirt this policy to charge users if they fail to cancel the trial despite uninstalling the app.

“Because these apps exist in a categorical grey area that isn’t overtly malware, and isn’t a potentially unwanted app (PUA), we’ve coined the term fleeceware, because their defining characteristic is that they overcharge users for functionality that’s widely available in free or low-cost apps,” Sophos noted.

After its findings were disclosed to Google, the internet giant pulled 14 of the 15 offending apps in question from the Play Store. The researchers later found nine more apps engaging in similar behavior, most of which are still available (listed above).

“These applications evaded Google’s attention by staying on the razor’s edge of legality, and exploited the fact that most people avoid reading fine print,” Sophos said in its report. “Worse, these apps are not even particularly good, unique, or effective.”

Read next: Bitcoin scammers are already impersonating Bakkt just days after its launch