A malicious app that racks up charges on handsets running Google Android has been discovered.
Security firm Kasperksy Labs identified the app, which is thought to be the first of its kind.
The malicious software is disguised as a media player. However, once the 13KB file has been downloaded onto a handset, it begins sending text messages to premium rate numbers without the owner's knowledge or consent, "resulting in money passing from a user's account to that of the cybercriminals".
"IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform," says Denis Maslennikov, mobile research group manager at Kaspersky Lab, in an advisory.
"It should be noted that there have already been isolated cases of devices running Android being infected with spyware. The first such program appeared in 2009," he added.
Kaspersky said that while the malicious app had affected most Russian Android users, the risk to worldwide users was low.
However, the security firm advised owners of phones running the Android OS to pay close attention to the services that an application requests access to when it is being installed.
"That includes access to premium rate services that charge to send SMSs and make calls. When a user agrees to these functions during the installation of an application, the smartphone may then be able to make calls and send SMSs without further authorisation."
The news comes just days after the BBC revealed it had created its own malicious smartphone app, which tracked a users location and contacts, in a bid to see how easy it is for cyber criminals to build software to steal data from handsets.