While looking at the profile of a Facebook member from his Android smartphone, a Sophos researcher found himself being automatically redirected to a site which served a malicious file designed to earn cybercrooks money by signing the user up for premium rate phone services.
The piece of malware uses a class name associated with other legitimate applications, most likely to make itself look less harmful.
Identified as Andr/Opfake-C, the malware initially comes as a package called any_name.apk and its configuration file includes dialing codes for a large number of countries.
This means that the victim’s place of residence doesn’t really matter. Once the malicious element is on the phone, it will start sending SMSs to premium rate numbers, inflating the user’s bill.
When first executed, the piece of software informs the user of some of its purposes, but the fact that it pushes itself without requesting any permission, makes security experts catalogue it as malware.
Furthermore, the same URL, a few days later, was found to redirect to other websites which serve variations of this malevolent app.