Security firm Kaspersky has found a trojan that poses a risk to some 60 percent of Android devices.
Anyone running Android 4.4.4 and earlier is at risk as the malware was created by "very professional cyber criminals" and can allow in-app purchase theft and all the problems that come with privilege escalation, Kaspersky warned.
"Triada is as complex as any malware for Windows, which marks a kind of Rubicon in the evolution of threats targeting Android," the company said.
"Whereas previously, the majority of trojans for the platform were relatively primitive, new threats with a high level of technical complexity have now come to the fore."
Android users are at risk if they download aps from untrusted sources, but Kaspersky said in a blog post that the apps can "sometimes" make their way onto the official Android store.
"A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it's a demon whose purpose is to launch Android applications," Kaspersky explained.
"This is the first time technology like this has been seen in the wild. Prior to this, a trojan using Zygote was known only as a proof-of-concept. The stealth capabilities of this malware are very advanced.
"After getting into the user's device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using anti-malware solutions."
The security firm added that the complexity of Triada's functionality proves that professional cyber criminals with a deep understanding of the targeted mobile platform are behind the creation of this malware.
Kaspersky warned that it is nigh on impossible to rid a device of the malware if it is infected.
"Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only. In addition, all separately running trojan processes are hidden from the user and other applications. As a result, it is extremely difficult for the user and antivirus solutions to detect and remove the trojan."
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3 sister site Computing's Enterprise Security and Risk Management conference on 24 November.
Intel wants to get inside your car, despite missing out on mobile
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith