Android users have been warned of a new 'trojan' attack spreading via text messages on phones which can take over handsets and hand control to cyber-criminals.
Researchers at Symantec has found that phones are being infected with a trojan - then the infected handsets are used to infect others, sending messages to phone numbers in their address books.
Because the text messages seem to come from friends, the attack is more effective.
In the past nine months, aggressive 'adware' on Android phones has increased 210% - causing adverts to pop up on phones and stealing data from users.
[Related: How cybercrime works]
Symantec, makers of Norton software, expect the trend to continue. The new trojan mirrors 'botnet' attacks on PCS - 'recruiting' new phones to spam friends by conning users into infecting themselves.
The messages contain links to download popular games for free - or tell users they have won a prize.
Instead, the link installs a Trojan in the background, which takes control of the phone.
The compromised phone then becomes part of the 'botnet' controlled by cyber-criminals - sending the spam on to other victims.
Phones 'controlled' by Trojans can be used to earn money for cybercriminals through spam campaigns, adverts, and through using premium SMS services which are then added to a user's bill.
This attack is a worrying new trend in malicious software, says Symantec - it mirrors the sort of mass spam attacks used on PCs.
Symantec predicts that this trend will continue - and such attacks may become more common.
"While delivering spam by botnets is nothing new, mobile technology has opened up new attack vectors to cybercriminals who are using the proven attack techniques of social engineering and spam with success on mobile devices," the company said via its official blog.
"The Trojan installation is hidden from the user and traces of its presence removed while it installs the legitimate app onto the user device. Victims only see the advertised app, duping the victim into believing that all is safe."
"in 2013 mobile adware or ‘madware’ will be a greater nuisance, disrupting the user experience and can potentially expose location details, contact information, and device identifiers to cybercriminals. Madware - which sneaks onto a user device when they download an app - often sends pop-up alerts to the notification bar, adds icons, changes browser settings, and gathers personal information. In just the past nine months, the number of apps including the most aggressive forms of madware has increased by 210 percent."