According to Lookout researchers, the Gamex Trojan's functionality is split across three components.
Once the downloaded app repackaged with the Trojan is granted root access by the user, the malware takes advantage of this permission to install another app onto the device, which then functions as a privileged installation service.
"A third component communicates with a remote server, downloads apps, and triggers their installation. Gamex also reports the installation of these applications, along with the IMEI and IMSI, to a remote server," the researchers explain.
"We believe that this information is used to operate and/or report installations to a malicious affiliate app promotion network."
As always, users are advised to restrict their app downloading to trusted sources, check the permissions each app asks for thoroughly, keep their firmware updated, and be on the lookout for their devices behaving in an unusual manner.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.