The malware in question has been dubbed Droidpak. Symantec researchers have failed to share how it is delivered to potential victims in the first place, but they have ferreted out what it does.
First, it drops a malicious DLL and registers it as a system service. Then it contacts a remote server and downloads a configuration file from it. The information contained in it allows it to download a malicious APK (Android application package) file, as well as and Android Debug Bridge tool if necessary.
The latter enables the malware to install the malicious APK to any Android based device the victim connects to the computer. Once installed, the malware attempts to hide its presence by posing as a "Google App Store" application, and in the background it searches for online banking apps that the user has installed.
If it finds one, it tries to convince the user to delete it by giving a bogus pretext and tries to get them to download and install a malicious equivalent. Needless to say, the latter records any (banking) information that's entered into them.
In addition to this, it can also intercept and delete SMS messages - those sent by the victim's bank are likely among those that aren't allowed to pop up.
This malware combo is currently targeting Korean users, but it can be easily modified to search out for online banking applications of banks around the world, I imagine.
The good news is that the malware definitely needs the user to perform the installation of the malicious apps, so users who are alert and know how to spot this type of social engineering won't be fooled into doing it.
Another good thing is that turning off USB debugging on your Android device will block this infection vector (read more about what the mode does and why you should keep it disabled when you don't use it).
Finally, having a good AV solution both on your PC and your mobile device is always a good idea.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.