More bad news for Android smartphone owners — a new variant of a scary data-harvesting Trojan has been found in Google's official Android app market.
"App Installer" is marketed as an app designed to help users manage their .APK files, but in reality it harbors a variant of DroidDreamLight, a Trojan that steals victims' sensitive phone data and downloads malicious code to infected smartphones from remote servers, the security firm Trend Micro reported.
(DroidDreamLight, discovered hiding inside 24 Android apps back in May, is itself a variant of DroidDream, which hit the Trojan scene in March and was found lurking in more than 50 apps in the official Android market.)
[Safeguard Your Android Smartphone Before It's Stolen]
Once a user downloads the rogue App Installer, it initiates a service called AppUseService that sends the phone's identification data to a remote server every time the phone makes or receives a call.
Google has removed App Installer from the Android app market, Trend Micro wrote, but not before it was downloaded 50 to 100 times.
Even without DroidDream and its descendants, there are still, unfortunately, plenty for nasty Android threats for owners to worry about.
Earlier this month, researchers found an Android Trojan called " Androidos_Nickispy," which can intercept text messages, call logs and GPS locations from infected phones and even answer incoming calls.
Every Trojan needs an attractive host, and Androidos_Nickispy found a great one; it masked itself as a legitimate app from the popular new social networking service Google+.
There's now a market for people looking to make money off this phone-monitoring malware. Trend Micro found a Chinese website that sells back-end access to a server where, for between 2,000 and 6,000 Chinese yuan (about $300 to $940), they can retrieve emails, calls and texts from a target phone.
Trend Micro wrote that the service only allows customers to spy on phones running Symbian or Windows Mobile software, but "We won't be surprised, however, if they soon offer this to those who want to target Android users, especially since spying applications such as Nickiskpy are already being actively distributed on the Web."
To protect yourself from these and other threats, make sure you run anti-virus software on your smartphone. A list of options can be found here.