Wednesday, July 25, 2012

WARNING: New Android Malware

A new piece of malware is trying to take advantage of Opera's popularity as a mobile browser alternative on Android smartphones. Cybercriminals have created a new variant of Opfake that bundles the real Opera Mini version 6.5 so as to further mask what the malware is actually doing (earning its creators money from unsuspecting users by sending international text messages). GFI, which first discovered the malware, is calling this particular threat Trojan.AndroidOS.Generic.A. The package is named "" while the file name is "opera_mini_65.apk" (both can easily be changed).

As you can see above, two sets of "Permission to Install" pages are displayed during installation. The first (above in the middle), comes from the malware itself: it asks for read and modify rights to all SMS and MMS messages, read rights to all contacts stored on the smartphone, modify or delete rights to the SD card, and so on. The second (above on the right) one appears once users agree to install the first, which is simply the permissions required for the legitimate Opera Mini browser.

This particular threat is interesting because it shows that OpFake is evolving. Instead of trying to mimic a popular app, OpFake now simply installs the real version. As a result, the user is less suspicious that something is wrong. "More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives," a GFI spokesperson said in a statement.

Read the rest of the story at ZDNET