The art of smishing (SMS-Phishing) has been practiced for some time, but a discovery by the wizards at NC State University has uncovered a new vulnerability that could bring the aforesaid act back into the spotlight. Xuxian Jiang's research team recently identified the hole and confirmed that it impacts Gingerbread, Ice Cream Sandwich and Jelly Bean. Put simply, if an Android user downloads an infected app, the attacking program can "make it appear that the user has received an SMS, or text, message from someone on the phone's contact list or from trusted banks." This fake message can solicit personal information, such as passwords for user accounts. The team isn't going to disclose proof until Google patches it up, but the school has said that Google will be addressing it "in a future Android release." For now, however, Jiang recommends additional caution when downloading and installing apps from unknown sources, while also suggesting that folks pay close attention to received SMS text messages.
Google Android 4.1