"For example a QR code could be used to download malware that directs the phone to send text messages to premium SMS numbers.'
AVG says, in its Community Powered Threat Report for Q4 2011: "Malware targeting mobile devices evolves frighteningly fast and has the potential of being even more destructive than before'¦While consumers are going mobile, so are the cyber criminals. We have witnessed the use of the same malicious intent tactics targeting mobile devices: social engineering, stolen or fake certificates to sign malware, root kits and other tactics."
AVG's CTO, Yuval Ben-Itzhak, said: "As phones become more like computers, so do the risks. Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater."
The report also warns that digital signatures attached to Android applications offer little guarantee of trust "Stealing or faking a private key of a trusted source (developer), will allow cyber criminals to sign their malicious applications with the same key as the trusted developer," it says.
"By doing so, the cyber criminal could sign and distribute applications that maliciously replace the authentic applications or corrupt them."