IT security researchers at AdaptiveMobile have discovered a previously unknown mobile threat for Android. Unlike the vast majority of Android malware, this new threat- known as “Selfmite”- is not a trojan, but a worm, which spreads itself via text messages.

As outlined in a blog post by AdaptiveMobile security analyst, Denis Maslennikov, potential victims receive an SMS message containing a URL pointing to the Selfmite worm. The message reads, “Dear [NAME], Look the Self-time, http://goo.gl/******.”

Users who click on the link are then prompted to download and install an APK file. Once installed, the malware produces an icon named “The self-timer” in the smartphone’s menu. When launched, “the self-timer” immediately searches the device’s contacts and sends the above message to 20 people. Finally, after sending the malicious text messages, the Selfmite worm requests users to install Mobogenie, which is an actual legitimate app for managing and installing Android apps, available in the Google Play store and other venues. The author of the worm is paid every time this legitimate app is successfully installed.

According to Maslennikov, this use of malware to abuse a legal advertising service’s pay-per-install scheme is extremely rare.

“Selfmite is a pretty interesting piece of malware and part of an unique attack,” he said.

Fortunately, researchers discovered the worm quickly, and Maslennikov does not believe it has propagated widely so far.

“AdaptiveMobile has blocked the spread of messages containing links to the worm in our customer’s mobile networks… and are working to clean up the devices already infected,” he said. “We also have contacted Google in order to disable the goo.gl shortened URLs.”