Millions of Android smartphones have been infected with malicious software capable of generating fake clicks for online adverts, according to security firms Check Point and Lookout.
Up to 10 million devices, mainly in China, have been affected.
The malware, referred to as Hummingbad, was discovered by Check Point in February 2016.
Hummingbad “establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.”
According to a report by Check Point, the malware was created by a group of Chinese cyber criminals known as Yingmob. The group uses Hummingbad to control 10 million devices around the world and generate up to $300,000 per month in fraudulent ad revenue.
Kristy Edwards from Lookout said in a blogpost: “It can remain persistent even if the user performs a factory reset. It uses its root privileges to install additional apps on to the device, further increasing ad revenue for the authors and defeating uninstall attempts.”
In a statement, Google said: “We’ve long been aware of this evolving family of malware and we’re constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe.”
Larger and more sophisticated attacks are expected in the future, experts say
Check Point said in its report that a “dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future.”