Attackers are spreading Android malware to users under the guise of phony mail tracking notifications made to look like DHL Express correspondence, analysts warn.

On Thursday, Carlos Castillo, a mobile malware researcher at McAfee, revealed in a blog post that the brand name of logistics company DHL in Germany had been used to trick victims in the country into installing the malware detected as “Android/SmsHnd.A.”

The threat is delivered via SMS spam designed to look like a DHL tracking notification. In reality, a link in the SMS (shortened through Google's URL service allows attackers to install the malware, the blog post said.

“SmsHnd” leaks sensitive data, such as a victim's phone number, device model, IMEI and IMSI identifiers. The Android malware can also spam text victims' contacts, Castillo said, all while attackers intercept and forward incoming text messages to a remote server in Japan.