The concept of malware riding shotgun with legitimate mobile apps is not a new one. There have been a slew of cases in which attackers have compromised apps in the Google Play store and inserted malware into the file. But a new attack uncovered by Palo Alto Networks (https://threatpost.com/new-attack-leverages-mobile-ad-network-to-deliver-android-malware/101956) is using a new technique that starts with the user installing an app on her Android phone. The app could be a legitimate one or a malicious one, but it will include some code that, once the app is installed, will reach out to an ad network. Many apps include such code for legitimate ad revenue purposes, but these apps are connecting to a malicious ad network. Once the connection is made, the app will then wait until the user is trying to install another app and will pop up an extra dialog box asking for permission to install some extra code. That code is where the bad things lie. The malicious code immediately gains control of the phone's SMS app for both command and control and in order to sign the victim up for some premium-rate SMS services. The attack is interesting, said Wade Williamson, a senior security analyst at Palo Alto, because the attackers can use a legitimate ad network that's already connected to a group of apps and then at any given time flip the switch and begin using it for malicious purposes.

http://it.slashdot.org/story/13/08/12/2011245/new-attack-uses-attackers-own-ad-network-to-deliver-android-malware