The malicious APK distributed by this Windows malware is detected by Symantec as Android.Fakebank.B and masquerades as the official Google Play application. Once installed on a device, it uses the name "Google App Store" and the same icon as the legitimate Google Play app.
The malware appears to target online banking users from South Korea.
"The malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions," Liu said. It also intercepts SMS messages received by the user and sends them to a remote server.
The targeting of online banking apps and the theft of SMS messages that can contain transaction authorization sent by banks suggest the motivation of this malware's authors is bank fraud.
Even if this particular threat targets users from a single country, malware coders commonly borrow ideas from each other and replicate successful attack methods.
Liu advised users to turn off the USB debugging feature on their Android devices when it's not needed and to be wary of connecting their mobile devices to computers they don't trust.