The new rogue apps contained what Mahaffey called "Droid Dream Light," a stripped-down version of the DroidDream code used to infect apps in March.
Once a DroidDream-enabled app was downloaded and installed to an Android phone, the malware surreptitiously downloaded a second-stage payload that contained one or more "root" exploits that give attackers complete control of the device.
This week's infected apps were downloaded and presumably installed by between 30,000 and 120,000 users, Lookout estimated.
Google has not said what its next step will be.
But Mahaffey said Google will throw the "kill switch" on the rogue apps -- remotely remove them from users' Android phones -- in the near future. In March, Google pulled that switch four days after being notified of the infected apps.
At that time, Google also pushed an app of its own to affected users. The Android Market Security Tool March 2011 did not patch the underlying bugs that were exploited, but instead deleted traces of the malicious code that weren't erased when the apps were automatically uninstalled.
On Tuesday, Sigelman said that the new rogue apps also contained working exploits. "They aimed to root the device," Sigelman said.
Mahaffey said this second campaign showed both the persistence of cybercriminals -- "They're going to keep trying," he predicted -- and the failure of smartphone owners to understand what they held in their hands.
"This raises the importance of thinking of the phone as a computer," said Mahaffey. "It's a cat-and-mouse world, and the level of security [of a smartphone] has to be the same as a computer."
Lookout has published a list of the 34 infected Android apps on the company's blog.