"Cybercrime is all about making easy money with minimum of effort," Botezatu said. "Creating a piece of malware that is stable, tested and does not crash the host device requires a lot of work and skill." Using an affordable DIY builder like Zeus, SpyEye and now Dendroid, is a much more convenient alternative for cybercriminals, he said.
While malware distribution on Android is harder to scale than on Windows, because Google has gotten much better at policing the Google Play store in recent years, there are variety of techniques that attackers can and have used to trick users into installing malicious apps on their devices.
These techniques include distributing malicious apps through third-party app stores that are very popular in certain markets like China or Russia, using Windows malware to inject rogue messages into Web browsing sessions to claim the rogue apps are associated with trusted sites like online banking ones, and even selling phones with trojanized apps pre-installed on them.
A mobile security company called Marble Security recently identified a fake and malicious Netflix app that came pre-installed on multiple Android devices from Samsung Electronics, Motorola Mobility and LG Electronics. The company believes the app might have been installed on the devices somewhere in the supply chain.
Malicious apps are still found from time to time on Google Play, but they're usually quickly removed. In a marketing video posted by the Dendroid authors online they claim that the new RAT contains techniques to bypass detection by Bouncer, Google Play's automated malware scanner, and other anti-virus programs. However, it's not clear how effective those alleged techniques actually are.