The folks over at Lookout have warned us about a new malware threat, this time targeted at users outside of North America. The RuFraud malware will sign up users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia, Great Britain, Italy, Israel, France, and Germany to a premium SMS service by hiding inside apps that pretend to be download helpers for popular games and utilities, or wallpaper apps from movies like Twilight. This particular bit of malware does not affect users in other countries.
While most of the affected applications are found on file-sharing sites and unofficial markets, some have appeared in the official Android Market. The first batch were removed by Google after Lookout contacted them, and having only a "handful" of downloads they did not affect very many users. Unfortunately, 13 new apps were later uploaded that had been downloaded over 14,000 times before they were pulled. Lookout has been updated to remove and clean these apps from your phone if you downloaded them, and we expect other malware scanning applications will have followed suit.
A quick tip: It really sucks when popular applications (or Nexus phones) aren't available in your location. We understand. But any app that claims to be a helper to download an app that's otherwise unavailable is definitely suspicious. Don't use them. If the apps are free, ask your friends. Ask on forums. Root your phone, or use an app that disguises your location and opens the Market. I'm not condoning piracy here, but I'm a realist -- if you're going to circumvent measures that keep these apps from you, do it the smart way.