Chalk one more up for malware authors over Google Play’s defenses. A new Trojan that sends premium-rate SMS messages managed to get to, and stay for a while,  on Google Play for download by Android devices, security vendor BitDefender said.

“The apps avoided the automated screening process set in place by Google by allowing remote content to be accessed and downloaded. Multi-stage payloads are not uncommon, although we’ve rarely seen it used in legitimate Android apps,” BitDefender said in a blog post.

BitDefender said the Trojan was distributed via a seemingly innocent wallpaper app that can connect to a Dropbox account to download an additional package named “Activator.apk”.

On download, the package notifies the user it is about to install and that “services that cost you money” may be used.

The “Activator.apk” immediately prompts for uninstall after sending the premium rated SMS messages so it can hide its existence.

BitDefender said that while the payload is limited to sending premium SMS messages, it raises the possibility later “Activator.apk” files can activate more aggressive malware.

It also noted the use of a cloud-based Dropbox account to disseminate malware through apps approved by Google’s Marketplace should also raise serious security issues.

“(S)eemingly legitimate applications are piggybacked and used for nefarious purposes,” it warned.

BitDefender reminded users of mobile devices to stay safe by using mobile security software. — LBG, GMA News