Up to 10 million android Smartphones have been infected by malware that generates fake clicks for adverts, say security researchers.
The software is also surreptitiously installing apps and spying on the browsing habits of victims.
The malware is currently making about $300,000 (£232,000) a month for its creators, suggests research.
The majority of phones that have been compromised by the malicious software are in China.
The malware gets installed on handsets by exploiting loopholes in older versions of the Android operating system known as KitKat and JellyBean. The latest version of Android is known as Marshmallow.
In a statement, Google said: “”We’ve long been aware of this evolving family of malware and we’re constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe.”
Google released the latest security update for Android this month and it tackled more than 108 separate vulnerabilities in the operating system. So far this year, security updates for Android have closed more than 270 bugs.