Mobile Malware Found Disguised as Opera Mini
The recent rise of mobile computing is further signaling the need for users to have good reliable mobile browsers such as Opera Mini installed in their smartphones or in any mobile device. We believe that this is why cybercriminals are currently using Opera Mobile as a mobile malware disguise.
We encountered a website that seems to have been designed to be viewed on a mobile device. The site, which is in Russian, looks like the Opera site. It immediately informs visitors that they need to upgrade their versions of Opera Mini.
All of the links in the website lead to the download of the malicious file OperaMini.jar, which Trend Micro now detects as J2ME_FAKEBROWS.A.
When executed, it checks if the mobile phone uses certain service centers then proceeds to sending text messages to premium numbers. It affects the mobile devices that support MIDlets—a Java program for embedded devices, specifically Java 2 Micro Edition (J2ME).
We’ve blocked access to the malicious site and we are currently monitoring for more related malicious activities.
Users may refer to our Threat Encyclopedia page on mobile malware for tips on keeping their mobile devices protected. They should also check out Opera’s official website, http://opera.com or http://operamini.com, if they want to install the said browser in their devices.
Update as of October 3, 2011, 4:45 AM PST
We were able to find another mobile malware that arrives as a fake Opera Mini installer. This malware, however, targets Android users. Detected as ANDROIDOS_FAKEBROWS.A, this malware is a premium service abuser, as it sends messages to premium numbers, leaving affected users with unwanted charges.
As advised, users should only install Opera Mini in their devices by directly accessing the Opera site to avoid being victimized.
Post from: TrendLabs | Malware Blog – by Trend Micro
Mobile Malware Found Disguised as Opera Mini
Spotlight
Cloud Computing
- HR could play leading part in BYOD success
- US still safest bet among data center destinations
- Commission makes controversial security recommendation
- Government agencies working toward secure procurement
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Workforce mobilization becoming the new normal in healthcare
- Best practices for users to stay secure while virtualizing
- HR could play leading part in BYOD success
- US still safest bet among data center destinations
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet