The SpyDealer malware has existed for almost TWO years and is capable of stealing information from 40 apps including Facebook, WhatsApp and Skype.
The trojan is capable of grabbing vast amounts of sensitive information from users, such as phone numbers, messages, contacts and call history.
It is even capable of finding out the location of the compromised device and – quite terrifyingly – recording any phone calls you make.
Any surrounding audio and video will be recorded, and SpyDealer can also use the front and rear cameras of a device to take pictures.
The SpyDealer malware was discovered by researchers from Palo Alto Networks, and it’s believed that as many as 500 million devices are at risk.
The dangerous malware is only effective against Android users – specifically those running versions Android 2.2 to Android 4.4.
However, that’s still estimated to be half a billion devices.
Experts believe the malware was NOT spread through the Google Play store.
Instead, the three versions of SpyDealer are being spread via third-party app stores, disguised as ‘Google Update’ software.
In a blog post, Palo Alto researchers Wenjun Hu, Cong Zheng and Zhi Xu said: “SpyDealer is only completely effective against Android devices running versions between 2.2 and 4.4, as the rooting tool it uses only supports those versions.
“This represents approximately 25 per cent of active Android devices worldwide”.
SpyDealer opens a backdoor on compromised devices by abusing a commercially available Android accessibility service feature.
It then roots the phone to obtain superuser privileges.
The malware is capable of receiving instructions from a command and control server, as well as via text.
This means that the hackers behind the malware can alter what information they’re getting.
Researchers are not clear how devices became infected, but it could have been spread via compromised wireless networks in China.
SpyDealer has been in action for more than a year and a half, with the oldest known case dating back to October 2015.
It’s also regularly being updated, with the most recent version coming into effect in May 2017.
Many of the apps targeted by SpyDealer are native to China – such as WeChat and Tencent Weibo.
But a large number of the apps at risk are also used worldwide – such as Facebook, WhatsApp, Skype, Firefox and Telegram.
Palo Alto Networks has reported the dangerous malware to Google, who are able to create new protections for users through Google Play Protect.
Express.co.uk have contacted Facebook and WhatsApp for comment.
The latest malware threat comes after Android users were warned about the Judy malware in May.
Experts feared that 36.5 million devices may have been infected by malware from some 41 malicious apps on the Google Play store.
The Judy malware campaign produced fake advertising clicks in order to generate revenues for those behind it, according to the security firm Check Point.
Experts fear some 41 malicious apps which were downloaded up to 18.5m times from the Google Play store have spread the malware.
The strain was dubbed the Judy malware after the cutesy character ‘Judy the chef’ who appeared in most of the affected apps.
Check Point added that the Judy malware campaign is “possibly the largest malware campaign found on Google Play.”