An App entitled Guide forPokemon Gohas been removed after invasive malware was found hidden inside, but only after half a million users downloaded it.

Since its release this past JulyPokemon GOhas become an almostworldwide phenomenon. The augmented reality game has not only received praise from some of thebiggest people in the tech industry,but it also has earned more money than many of this year’smajor Hollywood films.

When any product becomes as pervasive in society asPokemon GOit is almost inevitable that others will attempt to capitalize on its success. Sometimes these entrepreneurs are entirely legitimate, such as the travel companythat isoffering paidPokemon GOtoursaround Europe. However, too often those trying to ridePokemon GO’swave of success seek to exploit the game’s popularity for less than reputable purposes.

Such is the case withGuide for Pokemon Go, an app that, until recently, was available on the Google Play store. Taken at face value, the app appears to deliver what its title claims, providing tips and tricks to help newPokemon GOplayers become more skilled at the game. But this seemingly innocuous app actually contains hidden malware, which could allow hackers to take control of any phone that has the app.

Kaspersky Labs, a software company that specializes in anti-virus software and virtual security, explained that the Trojan malware contained in the app is actually fairly sophisticated.

“It doesn’t start as soon as the victim launches the app. Instead, it waits for the user to install or uninstall another app, and then checks to see whether that app runs on a real device or on a virtual machine,” explained Kate Kochetkova of Kaspersky Labs.

As of now, over 500,000 people have downloaded the app and at least 6,000 of those phones are already infected by the malware. Kochetkova explained that this malware can be so dangerous to those who have been infected:

“For now, criminals have chosen a relatively mild way to earn money: ads. Tomorrow, they may decide to increase their income by locking your device and demanding ransom – or stealing money from your bank account.”

To those unlucky Pokemon trainers who inadvertently downloaded theGuide for Pokemon Go, Kaspersky Labs advises them to delete the app immediately and then run some scanning software to determine if their device is infected.

While having a device infected with malware is no picnic, it’s still fairly minor compared to some of the other hazards thatPokemon GOplayers have faced. Anyone who’s phone contains the Trojan software can at least take comfort in the fact that they aren’t beingstalked by a creepy clownordidn’t crash into a cop car.

Pokemon GOis currently available across iOS and Android devices.