It propagates through a trojan.

The malware requests administrative permissions to sink its hooks deep into Android.

And these messages can be encrypted using Transport Layer Security (TLS).

Android Ransomware on loose claiming to be from NSA, demands ‘fine’

The messages were pulled from the command and control web link by the operators of the scheme via Tor.

This means that for every 10k infections, the malware authors raked in $200k-$500k.

Android ransomware uses XMPP chat to contact remote server, claims it’s from NSA

source: www.techworm.net