updated 06:00 pm EDT, Mon May 21, 2012
Android.Opfake reemerges, now pushing fake free apps
Symantec has discovered a novel implementation of the Android.Opfake malware, one that takes users through a fraudulent app-download process before charging them for what was initially billed as a free app. The malware is notable because it actually directs users through the Google Play app store in the process of defrauding them of money.
Apps containing the malware are hosted on dedicated sites and fake app markets. Users download and install the app and are then led through a second installation process after opening the app. The user is presented with a fake Terms of Service agreement, which is agreed to by clicking a link at the bottom of the screen. Upon clicking the link, the user is taken to the Google Play store and given the choice to download a free app. The malware takes advantage of SMS-related permissions to charge the user as they progress through the "installation" process.
Symantec recommends that users only download apps through trusted stores, such as Google's Play store, and not from independent sites. This isn't the first time Google's Android operating system has been attacked by malware, which has been a known and growing problem for the platform for some time now. Recent months have seen malware popping up via hacked sites and fake ports of popular apps, including Björk's Biophilia and Instagram.