The latest assortment of Android malware has been discovered by Terry Zink, who is an anti-spam expert at Microsoft. He managed to identify a series of bogus e-mail messages (read: spam) that have been all sent from compromised Yahoo! accounts on Android handsets. That was not too hard for him to figure out after analyzing pieces of code within those emails, and besides, all messages contained the following string at the end: "Sent from Yahoo! Mail on Android".
The infection that we are dealing with is called a botnet. Basically, the malicious code grants a hacker with enough access to the user's account to send spam to unassuming victims. Further digging showed that the majority of that spam comes from users in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. There is no word as to which version of Android these users were running.
But what allowed for this infection to spread at all? That is not too easy of a question to answer, but it is speculated that the malicious code came along with a copy of a paid application that these users obtained from an unauthorized source. In other words, pirated apps that have not been downloaded from the Google Play store.
So yeah, one more reason to be careful where you get your apps from. If you want to learn how to protect yourself and your device from malware, we have a pretty good guide available right here.