It works by getting an Android owner to install a file -- disguised as Windows Media Player, according to Trend Micro -- with the .apk Android extension. Once installed, the Trojan uses the system to send text messages to premium-rate numbers without the owner's knowledge, making money for the hacker.
The fake app doesn't appear in the Android Market, and the only way it could be put on your phone is if you install it yourself. You would also have to change your settings to allow apps from outside of the Market. Kaspersky doesn't reveal how Android owners are being conned into installing the app.
Mobile phones have suffered text-messaging Trojan attacks in the past, but this is the first time it has hit Android, though spyware has already been found on a few Android-carrying devices.
Security firms have been vocal about mobile malware for years, obviously because -- until now -- it's been an untapped goldmine.
The danger is growing for the mobile platform, however, since Android smart phones are becoming more popular. Hackers tend to target the more complex systems, as that's where the money is -- phones, of course, have built-in money-spending mechanisms, so they're much easier to make a profit from than PCs.
"The IT market research and analysis organisation IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smart phone manufacturers.
"As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform," says Kaspersky mobile researcher Dennis Maslennikov.
Security firm Veracode teamed up with the BBC to develop a smart phone game that allows the owner to be spied on, exposing how easy it was to breach iPhone 4 security.