The Trojan penetrates Android-based smartphones disguised as an ordinary application, says Kaspersky. Users are prompted to install a small file of around 13 KB that has the standard Android extension .APK. But once the "app" is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge). The criminals are actually the ones operating these numbers, so they end up collecting the money via charges to the victims' accounts.

From Russia, With Love

According to Denis Maslennikov, Senior Malware Researcher at Kaspersky Lab, there's not an exact number of infected devices available at present, but the outbreak is currently regional. For now, only Russian Android users can actually lose money after installing the Trojan, but anyone can be infected.

The Trojan-SMS category of malware is relatively common in the mobile ecosystem, but this is the first to specifically target Android-based devices. However, FakePlayer is not the first malware designed for Android, says the firm, as there have been isolated incidents of Android devices infected with spyware, the earliest occurring in 2009.

The choice of targeting Android devices in particular should come as no surprise to those following mobile industry trends. Given Android's meteoric rise in market share, it's no surprise to Kaspersky, either:

"The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers," says Maslennikov. "As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform."

Does Android Need AV?

The release of a Trojan disguised as an app is an inventive way to get malware onto mobile devices. In this case, the Trojan takes advantage of Google Android's openness - this operating system isn't tied to a closely managed and "curated" marketplace of approved applications like the iPhone is with iTunes. Although Google does step in to remove apps from its Market when security concerns are present, nothing prevents developers - especially nefarious ones like these - from forgoing official channels and publishing their own apps elsewhere, then tricking users into installing them.

But even if the Trojan came through backdoor channels, it's at least a small blow for an OS with security at the forefront of its design.

The security firm says it plans to release a version of Kaspersky Mobile Security for the Android operating system in 2011.

We can already picture the Apple vs. Android TV ads now: "iPhones aren't susceptible to the viruses plaguing Android phones..." Justin Long will smugly state. Now, who will play "Android guy?"