"When users opt to download and install the said fake app, the site connects to another URL to download a malicious .APK file," Trend Micro researchers warn.
The file in question is a premium service Trojan that saddles users with unwanted charges.
Both the website offering the fake app and the one from which the Trojan is downloaded are hosted on the same IP address - a Russian domain.
"Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme," conclude the researchers.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.