Researchers from Lookout Mobile Security are warning users of Android-based mobile devices about a new malicious application that bypasses the Android Market and downloads directly from in-app advertisements.
The data security firm has dubbed the new threat GGTracker, according to a post by software engineer Tim Wyatt on Lookout's company blog.
The malware works by tricking mobile users into thinking they've been brought to the Android Market after clicking on an in-app advertisement. So far, the ads used to lure in unsuspecting Android owners promote battery optimization or adult content.
In fact, the app store is artificial and the malicious software is downloaded onto the device. Users are then signed up for prime-rate SMS services without ever knowing.
"To our knowledge, this malicious application is not found in the Android Market," Wyatt wrote for the blog.
He added that cyber criminals may have chosen to bypass the Android Market given Google's recent commitment to crack down on malware-infested applications. According to eWeek, Google recently took down more than two dozen applications that were laced with DroidDream Light, a variation of a Trojan.
In March, Google removed more than 50 apps that were carrying the DroidDream malware, eWeek reported.
A CNN report on the malware advised mobile users to remain vigilant, as cyber criminals are almost certain to update their tactics following the discovery of the malware.
Google's Android mobile operating system and the devices run on it continue to be top targets for cyber criminals when it comes to mobile malware, according to a recent Boston Globe report. That's because of the open-source nature of the mobile operating system, coupled with its widespread use across the globe, according to the report.