The malware, which is only known as jSMSHider, can infiltrate rooted devices and handsets running certain custom ROMs. Reportedly, CyanogenMod users should be fine as long as they are running the custom ROM's latest version. It is nice to know that until now, there have been no reports of the malicious code coming along with any apps distributed through the Android Market, so if you have not downloaded anything from any third-party software marketplaces, you should be fine. Once in control of your device, jSMSHider has full access to your text messages and it can also install other apps without you even noticing. Besides that, the malware can communicate with a remote server meaning that data from your smartphone might end up in someone else's possession.
Fortunately, jSMSHider has not been known to have caused any major damage so far, but considering the narrow field of users that it targets, we doubt that it ever will. Nevertheless, its existence goes to show that you should always be careful when downloading software from any unreliable sources.
source: Lookout Mobile Security via Electronista