It's getting pretty busy in Android Malware Land with many recent threats being reported, discovered and removed by Google itself from the Android Market but recent discoveries point towards a new malware that appears to be affecting those smartphones that are running on custom Android ROMs.
The name is jSMSHider and it's a Trojan affecting devices with a custom ROM. It "exploits a vulnerability found in the way most custom ROMs sign their system images" and doing so, "it installs a secondary payload onto the ROM, giving it the ability to communicate with a remote server and receive commands". It will then be able to read, send and process your text messages, install apps on ROMs with a platform signer from the AOSP, download an application from a URL and perform a silent install or update of the APK and some more.
Because it makes its rounds in alternative app markets targeting Chinese Android users, the impact on users on a global level will be limited but don't forget to always play it safe when it comes to installing applications you download from the internet (and use protection software if you're a heavy application consumer).
Source: Lookout Mobile Security