Opfake malware being disguised in Android games

18 May 2012

Symantec researchers recently discovered several dummy sites being used to peddle the Android.Opfake malware, which is being disguised as games such as Temple Run and Cut the Rope.

All of the front-end dummy game sites connect to a central back-end site that acts as a file generator or repository, explained Symantec researcher Irfan Asrar in a blog.

The attackers have even gone so far as to include images of actual devices playing the games in an attempt to convince users that the malicious versions are actually legitimate, Asrar explained.

In addition, Symantec has published a white paper detailing the workings of the Opfake malware. The paper describes how on the surface the threat may appear to utilize a legitimate business model to generate revenue, but a technical analysis reveals the risks it creates for end users.

The Opfake malware masquerades as various apps and content, including an installer for the Opera Web browser and a pornographic movie, which require the user to pay for them. It demands payment for the app or content through premium text messages, the white paper explained.

The malware also displays a service agreement to the user that describes the usage of paid text messages. The agreement is written in Russian because the malware author is targeting users in Russia.

“What [the Opfake developers] are trying to do is make money by sending premium text messages”, said Kevin Haley, director of Symantec Security Response. “What they are trying to do is make it seem like you have agreed to sending these text messages. As part of agreeing to install the app a text message gets sent that you have to pay for”, he told Infosecurity.

“They could almost make the argument that this is what you agreed to when you downloaded the game. Unfortunately, they don’t give you the option of not sending the text message and they don’t make it clear that they are doing it and they don’t tell you how much it is going to cost”, Haley explained.

Haley advised users to install antivirus software on their phone, use trusted marketplaces such as Google Play, and check the permissions of an app. “If you don’t like what the permissions are requesting, then don’t install the app”, he concluded.
