Android market hit by premium SMS-generating trojans

According to a report from AegisLab, the incident is not as serious as the DroidDream saga back in March, when more than 50 apps were infected by malware.

Commenting on this latest infection saga, Vanja Svajcer, a principal virus researcher with Sophos Labs, said that the apps were apparently developed by a legitimate Android developer called Zsone.

"However, it seems that the legitimate applications from the same developer have a version number different than the malicious versions", he said in his latest security blog.

"When one of the malicious applications is installed on the device, an SMS message will be sent to one of a range of premium rate numbers. The numbers are different depending on the application. The attack targets mobile devices in China since the SMS subscription service numbers used are only available from Chinese mobile network providers", he noted.

Svajcer went on to say that Sophos has received several applications with the SMS sending functionality, including iCalendar, iMine and iMatch.

"The malicious versions of the applications I have seen come with the version number 1.1.0", he said.

"The most interesting characteristic of the latest set of trojanised applications is the fact that a special broadcast receiver is used to inspect all new SMS messages received on the device", he added.

The Sophos researcher goes on to say that, if the app receives an SMS message from the number that was previously used to register the phone for services, the broadcast receiver attempts to abort the broadcast using the abortBroadcast function.

This method, he notes, could prevent other SMS applications from processing the message.

Svajcer says that this latest Android incident shows that applications installed directly from the Google market could still be affected by malware.

In an ideal world, he adds, Android apps should not be allowed to be self-signed, and only keys certified by trusted authorities should be allowed.

"Having two classes of applications, signed by certified keys and self-signed, would allow developers of the Android OS to limit the capabilities available to self-signed applications. For example, self-signed apps should not be able to send SMS messages", he said.

"Perhaps this measure would not be a silver bullet but it would certainly be a welcome sign that Google is taking Android security more seriously", he added.
