"When users opt to download and install the said fake app, the site connects to another URL to download a malicious .APK file," Trend Micro researchers warn.
The file in question is a premium service Trojan that saddles users with unwanted charges.
Both the website offering the fake app and the one from which the Trojan is downloaded are hosted on the same IP address - a Russian domain.
"Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme," conclude the researchers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.