Researchers are tracking a pay-per-install scheme being marketed through a Russian web forum where criminals are recruited to load malware on Android devices in return for payment.
The mainly Russian victims primarily downloaded malware through bogus apps that appeared to be legitimate.
After the app was installed, malware forced the infected device to send out SMS messages to premium-rate numbers owned by the attackers who were paid for receiving the texts.
The crooks earnt a significantly higher fee than those who participate in pay-per-install rings targeting Windows PCs, researchers at security firm ESET said.
ESET security intelligence program manager Pierre-Marc Bureau said the fraudsters made between $2 and $5 per installation -- 10 times more than similar Windows malware installations.
“In my experience, it is the first time we've seen such an organised group targeting Android devices, but I wouldn't be surprised if there were others,” Bureau told SC.
ESET researchers spotted the threat in May after discovering a Russian web forum which began operating in late 2011 with the specific purpose of supporting the Android pay-per-install scheme.
“We are still working with different sources to shut down the forum, but right now it's still active, so we prefer to keep the name private,” Bureau said.
“It's really a forum they set up for the only purpose of trading and selling infections for Android devices. These guys are quite sophisticated. For instance, if someone is willing to buy the infections, they are building their own [customer service] tools to relay information.”
A Google spokeswoman declined comment. In many cases, malicious mobile apps foisted by attackers were distributed through third-party marketplaces.