As reported by Infosecurity, around 50 Android apps were obtained by hackers, modified and infected with the DroidDream malware, and then uploaded to the Android Market, the equivalent of Apple iTunes, for Android smartphones users around the world.
Although the apps were spotted by Google some 48 hours later, some reports suggested that as many as 200,000 infected apps had been downloaded.
The ISF says this figure is now 260,000 and adds that the saga is further evidence of the 'consumerisation of IT; and a disappearing network boundary.
Analysts at the ISF are warning users to expect more attacks of this nature as the number of connected people, devices and data transactions grow and the motives and opportunities for cybercrime increase.
Steve Durbin, global vice president of the ISF, said that software developers now have a duty of care to customers, but also advised users to exercise caution when downloading anything onto their mobile devices.
"Every time an individual downloads an app, some software or accesses a website using a mobile device, it introduces risks - risks that are often outside of the control of the individual and of the security professional", he said.
"Organisations need to be more aware of the fact that personal devices, like smartphones and tablets, are becoming more affordable, more powerful and better connected and to start building a security model based on trust and which does not rely on the network for protection", he added.
According to Durbin, the ISF advises that there is a need to strike a balance between the end user and the protection of the organisation and confidential data - "for example establishing security policies for the use of personal mobile devices and educating users about the security risks."