Researchers at Symantec have detected a spam campaign on Twitter that spreads an Android trojan called Opfake.

Tweets from compromised accounts are written in Russian and include malicious links that lead to sites hosting mobile malware.

According to Thursday blog post by Joji Hamada, a Symantec researcher, the firm spotted an influx of compromised Twitter accounts spamming the messages around early July. He wrote that “hundreds of tweets” may have already been sent globally and that Twitter is working to address the threat.

Malicious links lead victims to websites where they believe they’ll be downloading free apps. Instead, the install is Opfake, which sends SMS messages from their Android phone to premium-rate numbers.