Users of devices running Google's Android OS were warned Tuesday night against a new malware that comes bundled with a real Opera Mini browser.
Security vendor GFI Labs said the latest version of the Trojan OpFake —which sends SMS messages to premium numbers— now bundles Opera Mini within itself.
"(There is) a fake Opera Mini support website where users can download a package named 'com.surprise.me' (file name: 'opera_mini_65.apk'), this new Opfake variant, which GFI VIPRE Mobile Security detects as Trojan.AndroidOS.Generic.A. Do keep in mind that the package and/or file names may change over time," it said in a blog post
When the app is installed, there will be two sets of “Permission to Install” pages shown to the smartphone users.
The first set comes from the malware itself, asking for rights to read and modify SMS and MMS messages; read rights to all contacts stored on the smartphone; and modify or delete rights to the SD card.
After users agree to install, the malware then redirects them to the second set, a legitimate Opera Mini page.
"More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives," GFI said.
Once installed, the malware sends one SMS message to a premium-rate number before it installs the legitimate Opera Mini.
A command and control (C&C) server controls the message sent and the number where it is sent. The malware then connects to the C&C server to retrieve data.
GFI also cited reports of a variant targeting Symbian and iPhone platforms.
It advised smartphone users to visit only legitimate sites when looking for Web browsers to download. -GMA News