[+] Wayc0de's Blog[+]

02/10/11

Mobile Malware Found Disguised as Opera Mini

The recent rise of mobile computing has further signaled the need for users to have a good reliable mobile browsers, such as Opera Mini, installed into their smartphones or any mobile device. We believe that is for this reason that cybercriminals are currently using Opera Mobile as a disguise for mobile malware.

We encountered a website that seems to have been designed to be viewed on a mobile device. The site, which is in Russian, appears to look like the Opera site. It immediately informs visitors that they need to upgrade their version of Opera Mini. Below are screenshots of OperaMini.jar when installed in a mobile phone.
Below is a screenshot of the said site:


All of the links in website lead to the download of the malicious file OperaMini.jar, which is now detected as J2ME_FAKEBROWS.A.


When executed into the device, it checks if the mobile phone uses certain service centers and then proceeds to sending text messages to premium numbers. It affects the mobile devices that support MIDlets — a Java program for embedded devices, specifically the Java 2 Micro Edition (J2ME).

We’ve blocked access to the malicious site, and we are currently monitoring for any more malicious activity that J2ME_FAKEBROWS.A may exhibit.

Users may refer to our Threat Encyclopedia page on mobile malware for tips on how to keep their mobile device protected.

Also, users should check the Opera’s official website, http://opera.com or http://operamini.com if they want to install the said browser into their device.

Tidak ada komentar:

Posting Komentar