Dubbed ‘Agent Smith’, the malware exploits vulnerabilities within the Android operating system to automatically replace installed apps with a malicious version without the user realising.
The new version then displays fraudulent ads for financial gain, though it could be used for more dangerous purposes such as stealing bank details or spying on someone through their camera or microphone.
Researchers at the cyber security firm Check Point discovered the Agent Smith malware, which was named after the shadowy character from The Matrix film series.
"The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own," said Jonathan Shimonovich, head of mobile threat detection research at Check Point.
Agent Smith has claimed majority of its victims in India, with around two-thirds of all infected devices located in the south Asian country, though the malware has also claimed a "noticeable number" of victims in the UK, US and Australia.
Around 137,000 devices in the UK have been infected with the malware, with a further 300,000 infections in the US.--The Independent