"Security Week adds that the malware has already infected 500,000 smartphones and other devices running Android."
Implies it's self-replicating - that would be massive news, but I guess that should read: 500,000 users have already infected their smartphones.
"Disinfecting devices is a tricky process because the malware disables users' ability to simply delete it, TrustGo warns."
That means this application is modifying the OS - presumably on un-rooted devices. The linked article suggests the device administration API is being used for this - however I see nowhere that says this API can affect the package manager. This needs clarifying I think.
TrustGo's article also states the device administration request cannot be cancelled as pressing the cancel button re-launches the dialog. The home key is hard-coded to show the launcher, so I question why this is not suggested in their article as a means to escape the dialog:
"This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the
user eventually is forced to select “Activate” to stop the dialog box."