Security firm Kaspersky has found a trojan that poses a risk to some 60 percent of Android devices.
Anyone running Android 4.4.4 and earlier is at risk as the malware was created by "very professional cyber criminals" and can allow in-app purchase theft and all the problems that come with privilege escalation, Kaspersky warned.
"Triada is as complex as any malware for Windows, which marks a kind of Rubicon in the evolution of threats targeting Android," the company said.
"Whereas previously, the majority of trojans for the platform were relatively primitive, new threats with a high level of technical complexity have now come to the fore."
Android users are at risk if they download aps from untrusted sources, but Kaspersky said in a blog post that the apps can "sometimes" make their way onto the official Android store.
"A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it's a demon whose purpose is to launch Android applications," Kaspersky explained.
"This is the first time technology like this has been seen in the wild. Prior to this, a trojan using Zygote was known only as a proof-of-concept. The stealth capabilities of this malware are very advanced.
"After getting into the user's device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using anti-malware solutions."
The security firm added that the complexity of Triada's functionality proves that professional cyber criminals with a deep understanding of the targeted mobile platform are behind the creation of this malware.
Kaspersky warned that it is nigh on impossible to rid a device of the malware if it is infected.
"Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only. In addition, all separately running trojan processes are hidden from the user and other applications. As a result, it is extremely difficult for the user and antivirus solutions to detect and remove the trojan."
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3 sister site Computing's Enterprise Security and Risk Management conference on 24 November.
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way
The most luminous galaxy ever discovered is cannibalising at least three of its smaller neighbours, study finds
The galaxy radiates at 350 trillion times the luminosity of the Sun