This particular threat is interesting because it shows that OpFake is evolving. Instead of trying to mimic a popular app, OpFake now simply installs the real version. As a result, the user is less suspicious that something is wrong. "More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives," a GFI spokesperson said in a statement.
The devil is in the details: in the background, the malicious app sends expensive international text messages, earning revenue for its creators while the victim incurs the costs. More specifically, here's what this particular threat does:
- It sends one SMS message to a premium-rate number before it installs the legitimate Opera Mini. A command and control (C&C) server controls which message is sent and the number it is sent to.
- It also connects to the C&C server to retrieve data.
- It reads the following stored information: country location, operator name, OS version, phone type, and device ID (IMEI).
Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store.
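The three behaviours listed above each depend on a capability an Android app has to declare, so a defender can triage a sideloaded package by its manifest before installing it. The sketch below is an added example, not code from GFI or from the malware; it assumes the manifest has already been decoded to text XML, maps the behaviours to the standard `SEND_SMS`, `INTERNET` and `READ_PHONE_STATE` permissions, and uses constructed sample manifests with a hypothetical package name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SEND_SMS = "android.permission.SEND_SMS"

# Permission -> behaviour from the article's list that it enables (assumed mapping).
BEHAVIOUR_PERMS = {
    SEND_SMS: "send an SMS (premium-rate message)",
    "android.permission.INTERNET": "contact a remote (C&C) server",
    "android.permission.READ_PHONE_STATE": "read the device ID (IMEI)",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def triage(manifest_xml):
    """Rate a manifest: 'high' if all three behaviours are possible,
    'review' if the app can send SMS at all, otherwise 'low'."""
    perms = requested_permissions(manifest_xml)
    findings = [desc for perm, desc in BEHAVIOUR_PERMS.items() if perm in perms]
    if SEND_SMS in perms and len(findings) == len(BEHAVIOUR_PERMS):
        return "high", findings
    if SEND_SMS in perms:
        return "review", findings
    return "low", findings

# Constructed sample: a "browser" package that also asks for SMS and phone state.
SUSPECT_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.browser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

# Constructed sample: a browser that only needs network access.
BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.browser">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(xml))
```

A "high" or "review" rating is a prompt to look closer, not a verdict: plenty of legitimate apps send SMS, but a web browser has little reason to.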