Do you want a "coronavirus safety mask" and think you can get it through an Android app? If so, you're about to fall victim to a bizarre multi-step scam discovered by Zscaler researchers.

The scam begins on a website that, as of this writing, is still publicly available and says, "Download and install the app from the button below. You will get the Corona Safety Mask."

It begins with a website that states.

Clicking the button downloads the android app installation file to your computer or mobile device and installs it on your sideloaded or android device.

Once the app is launched, another button appears that says "GET SAFETY MASK." Tapping it will bring up a second scam site that purports to sell masks. But right now, the mask sales site is not selling anything. Apparently, "because you infected (the mask site) with a high dose of traffic."

In other words, you can't get a mask. However, the app maker gets all your contacts from your android phone and sends an email to everyone you know inviting them to the first "coronavirus safety mask" site, and the cycle of absurdity begins again. (You can deny permission to read your contacts or send SMS messages when you install the app.)

Avoiding this scam is very easy. Do not install Android apps from anywhere other than the official Google Play store. Install and run the best Android antivirus apps. And don't believe random websites that offer to sell you hard-to-find medical supplies.

That's all this scam does for now, but Zscaler's Shivang Desai thinks it can do much more.

"The malware asks victims to pay for the masks online and could steal credit card information, but we found no such functionality in the app," Desai wrote in a company blog post.