Researchers at NC State University has uncovered a new vulnerability that expose smishing and vishing threats for Android users. If an Android user downloads an infected app, the attacking program can make it appear that the user has received an SMS, or text, message from someone on the phone’s contact list or from trusted banks. This fake message can solicit personal information, such as passwords for user accounts. If you click on the link, you may inadvertently be downloading a Trojan horse, virus, or other malicious malware.
Source: https://thehackernews.com/2012/11/android-smishing-vulnerability.html