More than 11 million people have become part of an ad-fraud scheme, without realising, a new report has revealed.
Their phones have been attacked by a malicious scheme called Vastflux.
The attack spoofed 1,700 apps and targeted 120 publishers, Wired first reported.
The criminals behind the operation were requesting a staggering 12 billion adverts per day.
The organised attack was uncovered by the cyber firm Human Security.
Yet the hackers were not trying to hijack the entire phone or app.
Instead, they targeted just one ad slot, in which they put a malicious code, having won the auction for that ad space.
The code ensures the one advert would multiply into as many as 25 video adverts underneath the surface, yet reveal only one on the top.
It made the ad look just like any other.
However, the fraudsters were accruing cash from an enormous number of advertisements, but only revealing a few of them to tech users.
According to Marion Habiby, a data scientist at Human Security, Apple iOS devices, such as iPhones and iPads have been impacted the most severely.
Sadly there is no way of consumers knowing which apps were being utilised as vessels by the hackers.
But experts told smartphone users to look out for unexplained leaps in data usage, or having the phone's screen turn on, at specific times.
They also indicated to keep an eye on the performance of an app to see if it slows down suddenly or crashes frequently.
Yet consumers themselves were not the target and were not left worse off.
Thankfully, the hackers seem to have shut off their operation, after Human Security worked with the organisations that had been victims of fraud.