Researchers found 22 malicious apps that downloaded more than 2 million times