But, luckily, there is a pretty easy way to avoid them: Only install apps from Google's official Play Store.
"Malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores," Lookout noted in a blog post about the malware. That means the victims here were people who went outside of Google's official channels to install the imposter apps.
Some users turn to such markets to take advantage of offers of free or discounted apps, or find apps that don't make the cut in official market places -- sometimes because they rely on pirated material or are hyper-localized to a specific geographic market.
Google did not immediately respond to a request for comment on this story, but the company has long tried to limit suspicious apps in the Google Play store by scanning the market for signs of malware. It hasn't always been 100 percent successful in those efforts, nor has Apple, its main competitor in the mobile operating systems market.
But security experts generally agree that consumers are much safer sticking to the official market places rather than downloading apps from third-party alternatives -- where these new strains appear to have lurked.