Said criminals then remotely control the handset to spam the user's address book with links to pay-to-text phone numbers, essentially making quick cash at the victim's expense. Some links also lead to the virus itself, so folks who click through invite the malware onto their device.
As noted, over a million phones have been infected, but that's as of the first week of September, so the number of affected devices has undoubtedly grown since then. China's National Computer Network Emergency Response Technical Team Center is on the case, but around 10 similar viruses have recently appeared, making it difficult to track down the culprits.
This isn't the first time we've seen such attacks, and given the increasing popularity of smartphones, it surely won't be the last. In August, Kaspersky discovered a Trojan targeting Android phones that also disguised itself as harmless software and sent SMSs to premium rate numbers.