More than 60 banks have been targeted by apps that can steal banking login details and funds on Android mobile phones and tablets.
The bug creates fake login screens that have been placed into legitimate apps to gather data.
Google is clearly keen to find out who created these apps.
Norwegian mobile security firm Promon chief technology officer Tom Hansen found the bug called Strandhogg after the firm spotted malicious apps attacking bank accounts.
Google has said they will continue to investigate to protect play store and appreciate the researchers work.
Cyber security teams and fraudsters are in a constant battle to beat each other. We suggest you check your bank account via a different means than your mobile telephone to check for any malicious activity.