The majority of antivirus products failed to detect a piece of malware targeting Android devices, network security company FireEye has reported.
The Android app "google play stoy" managed to avoid detection by 48 out of 51 antivirus vendors, according to research released by FireEye.
The vendor claims the malware cannot be removed from phones once the device is infected.
The app collects text messages, signature certifications and bank passwords from Android devices.
It disguises and positions itself near the real Google Play store app on users' home screens, and avoids detection by traditional, signature-based anti-virus products by compressing and embedding itself behind a fake user interface.
Once installed, a hacker uses a dynamic DNS server with Gmail SSL protocol to collect the text messages, signature certificates and bank password from Android devices.