If you're an Android smartphone user, there's a new and dangerous Trojan that could land you in serious security trouble.
Called "GGTracker," the Trojan is capable of signing victims up for premium text-message subscription services without their consent or knowledge, the mobile security firm Lookout Mobile wrote in a blog posting.
The Trojan's method of attack is particularly sneaky, and could very easily go undetected.
GG Tracker, Lookout Mobile says, is hidden within in-app advertisements. The ads direct users to a screen that looks just like the official Android Market installation screen, and offers users free applications, including a fake battery optimizer called t3t.pwower.management, and a porn app called com.space.sexypic.
Lookout urges Android customers to "only download apps from trusted sources," and to examine the app developer's name, reviews and star ratings to ensure the app is safe and hasn't been flagged as dangerous.
This is one of the few Android Trojans to infect American smartphones; the majority have been found in Chinese-language app stores unauthorized by Google.
Unfortunately for Android and its maker, Google, GGTracker is not unique among malware specifically designed to wreak havoc on Android smartphones.
Last week, two pieces of data-stealing malware, "Plankton" and "YZHCSMS" were found embedded in apps in the official Android Market. These joined a growing list of malware, including "DroidDream" and "DroidDreamLight," both of which harvest users' phone info and download malicious code to phones from remote servers.