The recent rise of mobile computing further signals the need for users to have good, reliable mobile browsers such as Opera Mini installed on their smartphones or other mobile devices. We believe that this is why cybercriminals are currently using Opera Mobile as a mobile malware disguise.
We encountered a website that seems to have been designed to be viewed on a mobile device. The site, which is in Russian, looks like the Opera site. It immediately informs visitors that they need to upgrade their versions of Opera Mini.
All of the links in the website lead to the download of the malicious file OperaMini.jar, which Trend Micro now detects as J2ME_FAKEBROWS.A.
When executed, it checks whether the mobile phone uses certain service centers and then proceeds to send text messages to premium numbers. It affects mobile devices that support MIDlets, which are Java programs for embedded devices, specifically those running Java 2 Micro Edition (J2ME).
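A defender-side triage check for the behaviour described above, added here as an example and not Trend Micro's detection logic: it flags a MIDlet JAR whose classes reference the Wireless Messaging API (JSR 120) or whose manifest requests SMS permissions, which deserves a closer look in a file presented as a browser update. The sample JAR contents and the `triage_midlet_jar` and `build_jar` names are constructed for illustration.

```python
import io
import zipfile

# ASCII byte patterns visible in a class file's constant pool when the code
# uses the Wireless Messaging API (JSR 120) or opens an sms:// connection.
SMS_INDICATORS = {
    b"javax/wireless/messaging/": "references Wireless Messaging API classes",
    b"sms://": "contains an sms:// connection URL",
}
# MIDP permission names that cover sending SMS.
SMS_PERMISSIONS = ("javax.microedition.io.Connector.sms",
                   "javax.wireless.messaging.sms.send")


def triage_midlet_jar(jar_bytes):
    """Return sorted findings that indicate a MIDlet JAR can send SMS."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            data = jar.read(info)
            if info.filename.endswith(".class"):
                for pattern, meaning in SMS_INDICATORS.items():
                    if pattern in data:
                        findings.add(f"{info.filename}: {meaning}")
            elif info.filename.upper() == "META-INF/MANIFEST.MF":
                # Manifest continuation lines begin with a space; join them.
                text = data.decode("utf-8", "replace").replace("\r\n", "\n").replace("\n ", "")
                for line in text.splitlines():
                    key, _, value = line.partition(":")
                    # Covers MIDlet-Permissions and MIDlet-Permissions-Opt.
                    if key.strip().startswith("MIDlet-Permissions"):
                        for perm in SMS_PERMISSIONS:
                            if perm in value:
                                findings.add(f"manifest: requests {perm}")
    return sorted(findings)

def build_jar(entries):
    """Build an in-memory JAR from constructed content (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, body in entries.items():
            jar.writestr(name, body)
    return buf.getvalue()

# Constructed input: a fake class body holding only the strings of interest.
SUSPECT_JAR = build_jar({
    "META-INF/MANIFEST.MF": "MIDlet-Name: Browser Update\nMIDlet-Permissions: "
    "javax.microedition.io.Connector.sms,\n javax.wireless.messaging.sms.send\n",
    "Main.class": b"\xca\xfe\xba\xbe javax/wireless/messaging/TextMessage sms://0000"})
```

Unsigned MIDlets can reach the messaging API without declaring permissions, so the class-file scan matters more than the manifest check; string obfuscation can hide the `sms://` URL but not direct references to the API classes.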
We’ve blocked access to the malicious site and we are currently monitoring for more related malicious activities.
Users may refer to our Threat Encyclopedia page on mobile malware for tips on keeping their mobile devices protected. They should also check out Opera’s official website, http://opera.com or http://operamini.com, if they want to install the browser on their devices.
Update as of October 3, 2011, 4:45 AM PST
We were able to find another piece of mobile malware that arrives as a fake Opera Mini installer. This malware, however, targets Android users. Detected as ANDROIDOS_FAKEBROWS.A, this malware is a premium service abuser, as it sends messages to premium numbers, leaving affected users with unwanted charges.
As advised, users should only install Opera Mini on their devices by directly accessing the Opera site to avoid being victimized.