Google removed more than 20 apps from its Play Store that researchers said contained a new variant of the ‘HummingBad’ malware found on devices a year ago.

According to security firm Check Point, the infected apps were downloaded several million times by unsuspecting users.

This new variant, dubbed ‘HummingWhale,’ includes “new, cutting edge” techniques enabling it to perform ad fraud “better than ever before”, the firm said.

The original malware stood out as an “extremely sophisticated and well-developed malware, which employed a chain-attack tactic and a rootkit to gain full control over the infected device”.

It was spread through third-party app stores and affected more than 10 million victims, rooting thousands of devices each day and generating at least $300,000 per month, Check Point said.

In fact, HummingBad was so widespread that in the first half of 2016 it reached fourth place in ‘the most prevalent malware globally’ list, and dominated the mobile threat landscape with more than 72 per cent of attacks.

In July 2016, Check Point said it unraveled the infrastructure behind the malware’s activities and managed to identify Yingmob, the group behind the campaign, but admitted that “it was probably only a matter of time before HummingBad evolved and made its way onto Google Play”.

HummingWhale can install apps without gaining elevated permissions; is able to disguise malicious activity in order to infiltrate Google Play; and can install an infinite number of fraudulent apps without overloading the device.

All of the apps were uploaded under the names of fake Chinese developers.

HummingWhale also conducted malicious activities, like displaying illegitimate ads on a device and hiding the original app after installation.

It also tried to raise its reputation in Google Play using fraudulent ratings and comments.

Last month, Check Point found that malware called Gooligan breached the security of more than 1 million Google accounts.