It looks like we’ve got another Trojan spotted by Lookout Mobile Security. This malware, dubbed GGTracker, automatically enrolls you into paid SMS subscriptions.
How does this happen? Well first, the victim clicks on an in-app advertisement, which transports them to a malicious webpage disguised as an imitation Android Market. The page offers some variation of a sexy app or battery life improvement and offers it up for a free download. While your installing the “app” the trojan is operating seperately in the background and registering you for the premium SMS services.
The official Lookout blog says they haven’t seen it on the real Android Market, and they ever so subtly recommend you download a security service for your phone (they also mention that their premium and free customers are protected from his particular trojan).
Another option to avoid the trojan is to be careful not to trust unreliable application pages, and check the URL to avoid mistaking the fake page as the real market.