Apple, normally a company somewhat lax on security, seems to be stepping up its game. Just two days after a fake installer malware was found for Mac OS X, Apple has updated the definitions for its Xprotect.plist. The update is much quicker than Apple has been in the past and they should definitely be applauded for doing it so quickly.
The malware asks users to enter their mobile number for verification and activation. They have to then enter a code that is texted to the device to continue installation. Once a user inputs that code, their mobile account is billed an ongoing subscription. After this, the app either installs the app it pretended to be or spits out garbage.
Either way, the scammer has already made his money. This has been used on Windows for a while now, though it's not clear how many people would actually input their phone number. Clearly enough people do as the scam is still around and Apple was quick to block it. The malware is detected as "Trojan.SMSSend.3666" by DoctorWeb.