Security researchers say they have discovered a huge botnet running on the smartphones of more than a million unsuspecting mobile users in China.
The devices had been infected by a Trojan-based attack first discovered in 2011, news agency Xinhua reported.
The botnet can allow the smartphones to be hijacked remotely and potentially used for fraudulent purposes.
The warning comes as mobile internet use in the country has soared, growing by more than 18% in the past year.
There are now more than 420 million mobile users, according to the China Internet Network Information Center (Cinic).
The surge has attracted the attention of Apple chief executive Tim Cook, who met with the chairman of China Mobile last week.
Details of the meeting were scant, but a China Mobile spokesman said it was regarding "matters of co-operation" in the region.
While Apple already has deals with two Chinese mobile operators - China Unicom and China Telecom - it is yet to strike a partnership with China Mobile, the biggest operator in the world in terms of subscriber volume.
But this latest Trojan warning inflames worries over unlicensed third-party app stores - and the poor awareness among users over possible threats.
Unlike Apple's closed system for apps, in which the company must approve all products in its store, Google's platform is far more open.
In China specifically, local authorities even went as far as to warn operators to clean up security weaknesses in their mobile app stores.
Security firm Kingsoft Duba said last year that the Android.Troj.mdk Trojan had been found in more than 7,000 apps downloaded from non-Google-owned stores.
Despite warnings at the time, it is believed that the Trojan is still very much active and enabling the growth of the botnet.
Users have been advised to monitor their call and data logs for unusual activity.