Dec 12, 2014 · 1 minute

Antivirus software company Avast has published a blog post warning consumers about mobile advertising networks that trick people into downloading malware which then steals a few dollars each month. This is accomplished via text messages giving 25 cents to the malware's creator a few times each week, and while that isn't much for most people, it can add up if the payments remain unnoticed.

It's actually pretty easy to avoid the malware: even though it disguises itself as legitimate software from the official Android marketplace, it has to tell potential victims how to allow apps from untrusted developers onto their smartphones. That should be enough to convince most of its targets to delete the malware and keep an eye on their phone bills for a little while, just in case.

The more troubling thing about this discovery is that it exploits a fundamental aspect of the modern software market -- its reliance on advertisements. If developers weren't so desperate to monetize their software through ads they wouldn't have to turn to dubious networks like the ones Avast identified, which would prevent the malware from reaching so many people.

It also demonstrates the dangers of even legitimate software asking for permission to access so much information when it's first installed. Malware that asks someone to connect to the Internet or tells them how to install software from untrusted sources doesn't seem all that strange when real applications require access to phone data, a device's address book, and other data to work.

Avast estimates that "a large number" of the 185,000 visitors to the three websites in its report -- espabit.com, playmob.es, and mobilecashout.com -- are probably infected by the malware. That's mostly the networks' faults, but at least some of the blame lies with consumers for trusting such dubious software, with developers for including these networks in their applications, and with everyone else for creating the system in which this malware is able to so easily spread.

[illustration by Brad Jonas]