Warning: New Android malware tricks users with real Opera Mini


Summary: Cybercriminals have created a new variant of the OpFake malware for Android that comes bundled with a legitimate version of the Opera Mini mobile browser. This helps trick users into thinking that nothing is wrong as they can simply use the real software as expected.

Warning: New Android malware comes bundled with Opera Mini

A new piece of malware is trying to take advantage of Opera's popularity as a mobile browser alternative on Android smartphones. Cybercriminals have created a new variant of OpFake that bundles the real Opera Mini version 6.5 to further mask what the malware is actually doing: earning its creators money from unsuspecting users by sending international text messages. GFI, which first discovered the malware, is calling this particular threat Trojan.AndroidOS.Generic.A. The package is named "com.surprise.me" and the file name is "opera_mini_65.apk" (both can easily be changed).

Two sets of "Permission to Install" pages are displayed during installation. The first comes from the malware itself: it asks for read and modify rights to all SMS and MMS messages, read rights to all contacts stored on the smartphone, modify or delete rights to the SD card, and so on. The second appears once users agree to install the first, and simply lists the permissions required for the legitimate Opera Mini browser.

This particular threat is interesting because it shows that OpFake is evolving. Instead of trying to mimic a popular app, OpFake now simply installs the real version. As a result, the user is less suspicious that something is wrong. "More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives," a GFI spokesperson said in a statement.

The devil is in the details: in the background, the malicious app sends expensive international text messages, which earn its creators revenue and incur costs for the victim. More specifically, here's what this particular threat does:

  • It sends one SMS message to a premium-rate number before it installs the legitimate Opera Mini. A command and control (C&C) server controls the message sent and the number where it is sent.
  • It also connects to the C&C server to retrieve data.
  • It reads the following stored information: Country location, Operator name, OS version, Phone type, and Device ID (IMEI).

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Opera Mini link: play.google.com/store/apps/details?id=com.opera.mini.android.
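A triage check a defender could run on a sideloaded APK before installing it, added here as an example and not taken from GFI or the article. It assumes the text output of `aapt dump badging <apk>`; the mapping from the permissions described above to Android permission names, and both sample dumps, are constructed for illustration.

```python
import re

# Package id from the official Play link quoted in the article.
OFFICIAL_PACKAGE = "com.opera.mini.android"
# Permissions matching what the article says the trojan requests or reads.
# The mapping to Android permission names is this example's assumption.
RISKY = {
    "android.permission.SEND_SMS": "can send premium-rate text messages",
    "android.permission.READ_SMS": "can read SMS/MMS",
    "android.permission.WRITE_SMS": "can modify SMS/MMS",
    "android.permission.READ_CONTACTS": "can read contacts",
    "android.permission.READ_PHONE_STATE": "can read device ID (IMEI)",
}
PKG_RE = re.compile(r"^package: name='([^']+)'", re.M)
# aapt prints either uses-permission:'X' or uses-permission: name='X'
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'([^']+)'", re.M)

def triage(badging: str, expected_package: str = OFFICIAL_PACKAGE) -> list[str]:
    """Return findings for the text of `aapt dump badging <apk>`."""
    findings = []
    m = PKG_RE.search(badging)
    if m is None:
        findings.append("no package line found; input is not aapt badging")
    elif m.group(1) != expected_package:
        findings.append(f"package id {m.group(1)!r} is not {expected_package!r}")
    for perm in PERM_RE.findall(badging):
        if perm in RISKY:  # a browser has no need for any of these
            findings.append(f"{perm}: {RISKY[perm]}")
    return findings

# Constructed samples (not dumps of the real files).
SAMPLE_BUNDLE = """\
package: name='com.surprise.me' versionCode='1' versionName='1.0'
uses-permission:'android.permission.INTERNET'
uses-permission:'android.permission.SEND_SMS'
uses-permission:'android.permission.READ_SMS'
uses-permission:'android.permission.WRITE_SMS'
uses-permission:'android.permission.READ_CONTACTS'
uses-permission:'android.permission.READ_PHONE_STATE'
uses-permission:'android.permission.WRITE_EXTERNAL_STORAGE'
"""
SAMPLE_OFFICIAL = """\
package: name='com.opera.mini.android' versionCode='1' versionName='6.5'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
"""
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_BUNDLE)) or "no findings")
```

Because the article notes that the package name can easily be changed, the permission findings matter more than the package id check: an attacker cannot drop the SMS permission without losing the payload.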


Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

  • Warning: New Android malware tricks users with real Opera Mini

    Another day another android malware pops up.
    Loverock Davidson-
    • If anyone is stupid enough to install unofficial software...

      The user has to be stupid enough to install unofficial software from an untrusted source, though.

      I have one unofficial application installed, but that's because the official app was taken out of the Google Play store because it's open source, and someone else put ads on it and put it up, and is claiming the original owner is infringing his copyright. Hopefully this will get sorted soon, but in the meantime I can git clone the code, compile it for my device, and install the resulting ad-free and completely free (and optimized) version.

      The app in question is the Muppen64 Android Edition app. Basically, a Nintendo 64 emulator for your phone.
      • So what's the "open" advantage of Android?

        We are constantly told that one of the advantages of Android, and one of the major flaws of the iPhone, is that with Android, you aren't restricted to installing apps from only 1 source. Ignoring the fact that malware has snuck into the "official" Android app store, how is this "open" nature any advantage if any time anyone uses it, they are called "stupid"?

        It would be like saying "My car is better than your car because my car doesn't have a rev limiter and I can rev it up to 20,000rpm if I want." When people blow their engines with your car, you then answer "You would have to be pretty stupid to go above the redline, you are just asking for a blown engine."
        • sideloading apk

          Being able to sideload an app is very useful. But the really dumb thing here is that Opera Mini is completely free in the official Google Play app store and does not contain malware. Why are people sideloading Opera Mini from a dodgy source when it's free from the official Android market?
          In my opinion, use Opera Mobile instead of Opera Mini which relies on a compression proxy server. Both are free in Google Play and again, both don't contain malware.
          • It's the double standard that's the problem

            All we ever heard was how bad the iPhone was because of the walled garden and how great Android was because you could load apps from anywhere. When malware started hitting Android from other sources then all we heard was you shouldn't load software unless it was from the Marketplace/Play. Then we used to hear that Jailbreaking an iPhone didn't count in regard to being capable of doing something yet when updates to Android are brought up, or the lack of, the answer is always just root it. I completely agree that loading software from an unknown source is not advisable but this double standard gets very old.
        • It's always tougher

          to ask people to use their discretion when buying cars, stereo equipment and software. That's why there should only be one car store, one stereo store, and Apple.

          Right? Choice implies discretion. If you are too stupid to make choices about where and what to buy, you shouldn't be allowed to shop. You should buy an iPad.

          On the other hand, if you are smart enough to follow some simple rules (always get software from the Google store or from its author's site, only sideload known software from a trusted site) you can gain the benefit of using software that's not available on Google, like some open source titles, or private software for your business, or school, or etc. etc.

          The rules are the same as those for Windows or Linux (or jailbroken iOS)- only download known software from trusted sites.

          Just because some people make bad choices is not sufficient reason to remove the freedom of choice from everyone (or even those few idiots!).
      • Malware

        OK since you downloaded unofficial software does that make you stupid? Look guy, folks, users THAT JUST USE A NETBOOK OR COMPUTER LIKE MY WIFE AND DAUGHTER, not a programmer, not a tech user, have a tendency to download apps that are free and popular. Not much chance for any user of an android phone or netbook to know or suspect that there is malware attached to it or in it. I have downloaded some very good shareware for the android and pc that wasn't the official download. I think I know what you mean by that but what makes any app official or unofficial less or more likely to be free of malware? I remember when Microsoft had a virus in one of their programs. I have selected on my netbook unknown sources which means allow installation of non-Market apps. Why you might ask? Because I have looked for and found freeware that can't be downloaded without this checked. Does this mean I have malware or a virus on mine? I doubt it, haven't found any yet. Does it mean I will? Definitely, at some point everyone will get infected with something, the deal is to not stay that way. Too many good virus and malware programs out there. Who would have thought that Android would be targeted? Next they will be getting Apple. I keep a firewall running and virus scanner.
        • @Ronspruell

          This malware would slip right thru your firewall and unless you run a virus scanner that detects this particular malware (most of them don't), it would get on your device if you manage to find it.
        • So tell your wife and daughter ...

          to ONLY get the programs they want from the Google app store. If that's too tough for them, buy them an iPad.

          The idea that the average user is too stupid not to use the official source is ridiculous - or the country is in REAL trouble.
  • At least Windows Phone doesn't have any malware...

    ...market share too small, I guess.
    • And oh...

      ...how ironic that is.
  • And herein lies the problem with an Open Platform.

    I have long been an advocate for using whatever works for you, but this is a new and worrying threat. It seems that every day, if the world is not switched on 24/7, you'll get sliced and diced before you leave the starting gate.

    So far, my iPhone and iPad have not been shot down by malware. This does not preclude the fact that it could happen. However, it is less likely whilst the hawks at Apple are on the case. Not impossible mind you, but still unlikely at present.

    There needs to be a serious rethink in the industry, about how the technology is used and what we as custodians of its future are prepared to accept.

    Seems the wild west is on the move again, and the mobile market is just hotting up, as the PC market cools down.
    • ignorance is bliss

      Notice how Android warns the user during installation that it requires permission to send SMS and MMS?
      Right there you have control over this malware and can abort installation.
      On your iPhone, every app gets full permission to your contacts etc. There is no warning and you have zero control over it. There is no OS that is easier on malware than iOS at the moment. All is totally relying on Apple to vet apps and it has been proven that Apple doesn't really vet apps, they just take the 30% cut, and remove apps when people complain. iOS 6 is introducing permission control and finally catching up.
      Nobody knows the amount of datamining going on with current iOS apps.
  • The OS is not the problem

    As someone else mentioned, this app was now on the play store, but was from another source. Similarly, people have and do get malware when they decide to "side load" an app to their devices. Most consumers, however, download from the official store.

    It's the cost of having the ability to do so. And similar things happen to those, even on iOS, that have jailbroken their phones. Android allows this, yes, without the difficulty of rooting, but explains the risks as soon as you enable it.

    As the owners of these devices, the right to do what we want with them is fundamental, in my opinion. I took the risk. Not Android, not iOS (jailbroken). To blame the OS for others' misdeeds is like blaming the manufacturers for speeding accidents, because they built a car that can travel fast.

    Android is the no. 1 smartphone OS. Naturally there are crooks that will try to take advantage of it. But just like Microsoft and the PC, we do have the ability to manage our risks, with virus protection and due diligence.

    What would have happened if instead of allowing people to download apps for free from the apple app store, the hacker created something much more vicious? As a network professional, I know that there is no such thing as a completely secure platform. And the number 1 liability when it comes to security, are people.
  • Beautiful...

    ...Yet another alarm trying to wake Google to the real world. Wake up Google and take control of the damn official Android Market!!
    • ...

      How would Google taking control of the official market stop people from downloading malware from some other site on the Internet, exactly?
    • not from google play

      Opera mini from Google Play is free and does not contain the malware.
      • Errr.....

        You sure? Can you say 100% it's true?
  • Fraud and ID theft

    I'm with Benjamin Franklin. These kinds of things undermine society at the same level as counterfeit money. So I would consider these acts treasonous and possibly worthy of capital punishment. Eventually someone's going to rewrite the firmware that completely disables devices. Who's to pay for the chaos? You know the computers that operate war drones - yeah, they've been affected by malware too. Yep, let's start World War 3 because some dip created a virus infecting an Android that a General is using.
  • Just like in many PC warez/cracks

    This is the same practice used in warez downloads for the PC. People download them, the app works, is licensed, and they think all is good - BUT there is a hidden surprise, all transparent to the user. I've analyzed these files, I know them to exist. Heck, there are even rogue download sites that repackage popular freeware now, but also putting whatever else on your PC. They even advertise for that freeware, to make sure you hit their link first. Of course, often those are just bundling scams.

    Anyway, at least on Android, the app can be removed from the Marketplace pretty quickly.