A low-cost version of the Samsung Galaxy S4 smartphone, called the Star N9500, may have saved consumers a few bucks – but didn't spare them of malware, which came built in the phone.

On Monday, a security firm in Germany, G Data, revealed that the Android phone, which was manufactured in China, contained a trojan called, “Uupay.D.” To the unsuspecting user, the data-stealing malware looks like a Google Play Store app.

According to G Data, users can not uninstall the malicious app, as it is “integrated into the firmware of the device,” a company blog post said. Worse yet, the phone is reportedly sold through popular online retailers, like Amazon and eBay.

Among the data vulnerable to the spyware are emails, text messages and banking details stored or inputted by mobile users. In addition, phone conversations could also be picked up by the “extensive espionage program,” G Data warned.