Online security firm Symantec warns that the malware pretends to be a Google security update for Android but behind the scenes sends out SMS messages to a command-and-control server.
"On March 6th, 2011 Google published the application ‘Android Market Security Tool’, a tool designed to undo the side effects caused by Android.Rootcager. This application was automatically pushed to devices of users who had downloaded and installed infected applications,” said Symantec’s Mario Ballano.
Earlier this week Google confirmed that a number of malicious applications were published to the Android Market last week, forcing it to issue a security update.
Symantec says it has now identified suspicious code within a repackaged version of the ‘Android Market Security Tool’.
"This package was found on an unregulated third-party Chinese marketplace,” said Ballano. ”This threat seems to be able to send SMS messages if instructed by a command-and-control server. Analysis of the application is still ongoing, however, what is shocking is that the threat’s code seems to be based on a project hosted on Google Code and licensed under the Apache License.”
You can find out more over on the Symantec blog.