And not only is it complex, the malware is hard to find. Researcher Unuchek says "malware writers typically try to make the codes in their creations as complicated as possible… it is rare to see concealment as advanced as Odad.a’s in mobile malware." A previously unknown vulnerability in Android prevents the malware from being deleted once it obtains Device Administrator privileges.
Once extended Device Administrator privileges, the screen goes blank for 10 seconds after the device is connected to a free Wi-Fi network or Bluetooth is activated. Once it detects a connection, the Trojan copies itself and other malicious apps and sets up house in other nearby units. Kaspersky has already informed Google so hopefully some security patches can be sent to prevent the unaffected from catching this rather ugly strain of malware.
source: SecureList via AndroidPolice, BGR