Computer News & Safety – Harry Waldron

OpFake.A – New Mobile attack disguised as Opera Mini Updater

A new mobile malware threat has surfaced that disguises itself as a legitimate software offering from Opera. It is important to carefully check the authenticity of any software apps before installing them.

F-Secure Trojan:SymbOS/OpFake.A
http://www.f-secure.com/weblog/archives/00002261.html

Here’s the technical analysis related to yesterday’s post on Trojan:SymbOS/OpFake.A.  OpFake.A arrives as a supposed Opera Mini updater using file names such as OperaUpdater.sisx and Update6.1.sisx. The malware installer adds an Opera icon to the application menu. When run, it will show a menu and a fake download progress bar. The malware also has a “license” which can be displayed. When the trojan is started, and before the victim advances through any of the menus, the trojan is already sending text messages to Russian premium rate numbers. The numbers and the content of the messages come from an encrypted configuration file (sms.xml).

The Symbian version of OpFake.A will also monitor SMS messages for the short while it is active and delete incoming messages and messages moved to the sent messages folder based on the phone numbers and content of the messages. The code that handles the interception of incoming SMS messages is largely identical to that in Trojan:SymbOS/Spitmo.A. That part of OpFake.A clearly shares source code with Spitmo.A.
