The website of a popular watch-selling website in Bulgaria is redirecting users to a number of malicious domains serving up premium rate SMS malware. Users that visit the site on Android-based devices are prompted to download the malware in question. The malware presents itself as either an Adobe Flash Player installer ( hxxp://adobeflashplayer-up.ru/?a=RANDOM_CHARACTERS at IP address 93.170.107.184) or a new version of Google Play. The campaigns appear to be targeted toward Russian-speaking Android users.
Source: https://threatpost.com/infected-site-spreading-sms-android-malware-012213/77439/