A piece of malware that security vendor Bitdefender calls Android.Trojan.MKero.A was first detected in late 2014. At that time it was being distributed through third-party marketplaces and social networks in Eastern Europe, especially Russia.
The malware has now been found in apps available on Google Play, indicating that its developers have found a way of masking its behaviour from Google's automated Bouncer screening system.
Once installed, Android.Trojan.MKero.A takes advantage of an online capcha-to-text service that uses real people (largely from countries including India, Vietnam, Indonesia and Pakistan) to decode the images. The service typically charges less than US$1 for 1,000 decodings, and the rate can be as low as US$0.70 at times of low load.
According to Bitdefender, two of the apps containing the Trojan have each been installed somewhere between 100,000 and 500,000 times. With a minimum charge of $0.05 per message, this means victims may have lost $250,000, the company said.
The company did not identify the apps that include Android.Trojan.MKero.A.
Detection and removal of the malware is "extremely difficult" without mobile security software, Bitdefender understandably stated.