A NEW malware targeting Google's mobile operating system and its variations have infected almost 1 million mobile phones in China.

Geinimi and its variants are capable of stealing users' passwords and siphoning off telecommunications fees, a Beijing-based mobile security firm said yesterday.

The malware had spread widely in China, where Google's Android Market is not yet available. However, people often download Android applications through unauthorized channels such as online forums. This makes their phones vulnerable to mobile malware, experts said.

More than 900,000 handset users in China have been infected by the mobile malware and the number is expected to grow rapidly in the world's biggest cell phone market, according to Netqin Mobile Inc.

The malware has disguised itself in popular games including Plants vs Zombies, Monkey Jump 2, President vs Aliens and Baseball Superstars 2010.

When users download such games, the malware installs itself automatically on Android phones.

It sends personal data from a user's phone to a remote server, probably for mobile advertising. Meanwhile, it also siphons off telecommunications fees by sending messages or surfing online without the knowledge of users.

"It's the most sophisticated Android malware we've seen to date," said Lookout Mobile Security, a US-based IT security firm.

To remove the malware, users can download special tools on Netqin's website. People can also visit the website to check whether their phones are infected.