Security firm RiskIQ tested more than 350,000 Android apps used for banking-related purposes and found that more than 11 percent were suspicious.

The apps, which spanned the world’s top 90 app stores, were flagged for containing malware or suspicious binaries identified by AV vendors, the firm said in a Wednesday release. Among the 40,000 mobile apps deemed “suspicious,” a large number contained adware (21,076 apps) or trojan malware (20,000 apps).

In a statement, RiskIQ CEO Elias Manousos said that the findings showcased how “criminals are using look-a-like banking apps to distribute malware and capture data on the device in order to commit crimes.”

Out of the entire sampling of apps, totaling 350,000, many demonstrated “excessive permissions,” like the ability to capture device logs (8,672 apps), record audio (8,408 apps), and access users’ contacts lists (7,188 apps), the company found.