The cyber criminals grabbed a copy of Steamy Windows, then added a backdoor Trojan horse ... to the app's code. The reworked app is then placed on unsanctioned third-party 'app stores' where unsuspecting or careless Android smartphones find it, download it and install it.
The malware can install other applications, mess with the phone's browser bookmarks and send text messages to premium rate numbers.
Steamy Windows is just the newest in a line of compromised Android apps. Last month, researchers discovered a Trojan dubbed HongTouTou that is repackaged in popular Android apps and distributed through alternative Chinese app markets and forums.