Android piracy is on the rise, and trailing behind it is the crafty nature of hackers. A new piece of malware was recently discovered that takes advantage of a popular web browser named Opera Mini. It acts like Opera Mini, it works like Opera Mini, and it is Opera Mini, with the exception that it also sends off international text messages to premium services that cost you an arm and a leg. This is a new OpFake variant that was recently discovered by GFI, which is calling it Trojan.AndroidOS.Generic.A. The package name that the fake version installs, for now anyway, is “com.surprise.me”. Fitting name for when your cell bill arrives.
When it installs, you end up with two sets of permissions: the first shows permissions for oper_mini_65 and the second for Opera Mini. The first one is the malware and the second set is actually the browser. If you click on through without paying attention, then you most likely won’t notice anything different.
Here is a list of the tasks this malware does on compromised smartphones:
- It sends one (1) SMS message to a premium-rate number before it installs the legitimate Opera Mini. A command and control (C&C) server controls the message sent and the number where it is sent.
- It also connects to the C&C server to retrieve data.
- It reads the following stored information:
  - Country location
  - Operator name
  - OS version
  - Phone type
  - Device ID (IMEI)
This is one of those reasons why pirating apps is bad news. The malware is not in the Play Store version of Opera Mini, and the Play Store version is actually at 7.03 right now, not 6.5. Why someone would want or need to pirate an already FREE app is beyond us. If GFI can find it and CNET reports it, then you know it is out there in the wild. Best course of action: get your apps from the Play Store if you can.
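A defender-side triage of the behaviour listed above, as an added example that is not from GFI, CNET or this article: it flags an app whose package name matches the one reported here, and any app installed from outside the Play Store that holds the permission set this behaviour would need. The inventory format, the sample entries and the mapping from behaviour to Android permissions are assumptions made for illustration.

```python
# Added example: triage an app inventory for the behaviour profile described above.
# Inventory format and sample entries are constructed for illustration.

KNOWN_BAD_PACKAGES = {"com.surprise.me"}      # package name reported in the article
PLAY_STORE_INSTALLER = "com.android.vending"  # installer recorded for Play Store installs

# Assumed mapping of the reported behaviour to Android permissions.
RISKY_COMBO = {
    "android.permission.SEND_SMS",          # premium-rate SMS
    "android.permission.INTERNET",          # contact with the C&C server
    "android.permission.READ_PHONE_STATE",  # device ID (IMEI), operator name
}

def triage(app):
    """Return the reasons an app deserves review (empty list means no finding)."""
    reasons = []
    if app["package"] in KNOWN_BAD_PACKAGES:
        reasons.append("package name matches the reported OpFake variant")
    sideloaded = app.get("installer") != PLAY_STORE_INSTALLER
    if sideloaded and RISKY_COMBO <= set(app["permissions"]):
        reasons.append("sideloaded app holds SMS, network and phone-state permissions")
    return reasons

def scan(inventory):
    """Map package name to findings for every app with at least one finding."""
    return {app["package"]: r for app in inventory if (r := triage(app))}

# Constructed sample inventory (not taken from a real device).
SAMPLE_INVENTORY = [
    {"package": "com.surprise.me", "installer": None,
     "permissions": sorted(RISKY_COMBO)},
    {"package": "com.example.browser", "installer": PLAY_STORE_INSTALLER,
     "permissions": ["android.permission.INTERNET",
                     "android.permission.READ_PHONE_STATE"]},
    {"package": "com.example.game", "installer": None,
     "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.flashlight", "installer": None,
     "permissions": sorted(RISKY_COMBO)},
]

if __name__ == "__main__":
    for package, reasons in scan(SAMPLE_INVENTORY).items():
        print(package, "->", "; ".join(reasons))
```

The permission heuristic is a prompt for review, not a verdict: legitimate sideloaded messaging apps can hold the same three permissions.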
Source: GFI via CNET