According to Panda Mobile Security research team malicious apps from Google Play have infected 300000 Android Devices. PandaLabs team has found a new threat that has infected at least 300,000 people, although that number could be 4 times higher: 1,200,000. All of those malicious apps are downloadable from Google Play:
“Without the user knowledge the app will get the phone number of the device, will go to a website and will register it to a premium SMS service. This service require a confirmation to be activated, which means it sends a SMS to that number with a PIN code, which have to be entered back to end the process and start changing you money. This app waits for that specific message, once it arrives it intercepts its arrival, parses it, takes the PIN number and confirm your interest in the service. Then it removes it, no notification is shown in the terminal and the SMS is not shown anywhere. Again, all this is done without the user knowledge.” states the blog post.