There’s a new round of malware affecting Google Inc (NASDAQ:GOOG) Android devices, and this time the results could spill over into real life. The malware, according to Emil Protalinski over at The Next Web, forwards text messages to criminals who can use the information against users.

Google Android Malware

The Malware Was Detected By Doctor Web

The malware, which was detected by Russian cyber security firm Doctor Web, goes under the name Android.Pincer.2.origin, and acts as a security certificate. This means that users have to install the virus manually. After someone does that by accident, the virus can do all sorts of nasty things to the user’s information.

Android.Pincer.2.origin will send a huge amount of information, including carrier details and cell phone number to whoever is operating it, all in the background with little ability for users to detect it. Once the malware figures out if the phone is a suitable target, text messages can be intercepted should the operator wish.

According to the piece in The Nest Web, operators will be able to control the devices functions remotely. A list of commands that can be used were contained in the piece, they include;

  • start_sms_forwarding [telephone number]— begin intercepting communications from a specified number
  • stop_sms_forwarding — stop intercepting messages
  • send_sms [phone number and text] — send a short message using the specified parameters
  • simple_execute_ussd — send a USSD message
  • stop_program—stop working
  • show_message—display a message on the screen of the mobile device
  • set_urls – change the address of the control server
  • ping – send an SMS containing the text ‘pong’ to a previously specified number
  • set_sms_number—change the number to which messages containing the text string ‘pong’ are sent

Together they form a powerful web of abilities that seriously endangers the privacy and possibly the safety of an Android user. The software can be used to take specific messages from users, or ones containing certain words. The Next Web says that the virus has not been found on Google Inc (NASDAQ:GOOG) play store, so most users should be safe.

That means that this tool is probably being used to target certain people. It might be meant for blackmail, surveillance, or even simple theft, but it’s unlikely to hit the devices of most users. The Next Web calls it “an interesting example of how Android malware is evolving.” It’s not done evolving yet.