For safe mobile phone experiences, users should be careful with every application they install (esp. non-mainstream apps which promise free games or other services)

As botnets go, the Android SMS botnet was “an unsophisticated attack,” Andrew Conway, a security researcher with Cloudmark, wrote on the company blog Dec. 16. An SMS message offering free games or other scams tricks users into downloading a malicious app from a third-party app store onto their Android devices. Once installed, the app can send SMS spam messages to other users without the user’s permission or knowledge. Lookout Mobile Security has dubbed this family of malware SpamSoldier and noted that the malicious app takes steps to hide its stealthy activities. The icon is removed from launcher so the user doesn’t know the app is running, outgoing spam texts are not logged, and incoming SMS replies are intercepted so that the user “remains blissfully unaware,” said Lookout’s senior product manager Derek Halliday. “You better have an unlimited message plan or your phone bill may come as a bit of a shock,” Conway wrote on Cloudmark’s blog.