The infected web page used to distribute the malware was discovered in a number of Russian domains, wrote Karla Agregado, a fraud analyst with Trend Micro, in a recent company blog. A similar tactic emerged last month to infect Android phones with bogus copies of Angry Birds and Instagram.
When a visitor clicks the download button at the infected site, Agregado explained, a connection is made to another site that, without the guest's knowledge, sends a malicious APK file to the mobile web surfer's smartphone.
Once on the phone, the malware starts to secretly send text messages to premium numbers. This scam is a popular one among cyber criminals targeting Android phones. Symantec estimates in its most recent annual threat report that in 2011 some 18 percent of all mobile threats during the year involved premium SMS messages from infected phones.
"Malware that sends premium SMS text messages can pay the author $9.99 for each text and for victims not watching their phone bill could pay off the cyber criminal countless times," Symantec noted.