Users of mobile devices running Google's Android OS were warned this week against a new Trojan that buys apps on their behalf.

The Trojan dubbed MMarketPay.A was discovered on the China Mobile Marketplace although it has not been observed operating outside China so far, security vendor BitDefender said.

"When it reaches the mobile, it starts buying applications from China Mobile’s marketplace, which does not require the user to log in but rather identifies each user as it uses a China Mobile Access Point Name (APN). This allows China Mobile to add the price of every purchased application to the monthly phone bill," it said in a post on its blog.

BitDefender said the Trojan affects Chinese users subscribed to China Mobile, one of the world’s largest mobile phone carriers.

Citing a report by mobile security company TrustGo, it said the Trojan is delivered on nine distinct app stores.

If the user is not connected to the China Mobile APN, the Trojan tries to automatically connect to it and then starts a web browser in the background.

The Trojan then navigates to the market and simulates clicks to buy specific applications.

"These actions are not visible to the user, so the scheme can go on for quite a while until the victim spots the abuse," BitDefender said.

Citing the TrustGo report, it said the infected applications have been downloaded more than 100,000 times.

"But given the fact that it targets China Mobile’s users, it hasn’t been seen outside China," it said. — LBG, GMA News