Android malware used to mask online fraud, says expert

04.05.2012
Android malware being automatically distributed from hacked websites looks like it's being used to mask online purchases, and could be part of a fraud gang's new push into mobile, researchers said today.

"The malware essentially turns your Android phone into a tunnel that can bounce network traffic off your phone," said Kevin Mahaffey, co-founder and CTO of Lookout Security, a San Francisco-based firm that focuses on Android.

about the new malware, dubbed "NotCompatible," on Wednesday. Further analysis, however, has revealed the most likely reason why cyber criminals are spreading the malware.

"There are a couple of ways they can profit from this," said Mahaffey in an interview. "One is general online fraud, the other is targeted attacks against enterprises. We haven't seen any evidence [of the latter], and have confirmed that it is engaged in online purchasing activity."

Once installed, NotCompatible turns an infected Android device into a proxy, through which hackers can then direct data packets, in essence disguising the real source of that traffic by using the compromised devices as middlemen.

Lookout has observed traffic routed through NotCompatible-infected Android devices being used to purchase tickets via TicketMaster, for example, as well as other goods and services.