Researchers at GFI Labs recently came across a new version of the Opfake malware that delivers a working copy of the Opera Mini browser.

"No longer is it simply mimicking a well-known mobile Web browser; this piece of malware now installs the real Opera Mini browser instead of simply pretending to do so," writes GFI communications and research analyst Jovi Umawing.

"The malware targets Android phones and steals money from victims by sending SMS messages without the user's knowledge to premium-rate numbers and also collects data about the device it infects," writes Threatpost's Dennis Fisher.

"This particular threat is interesting because it shows that OpFake is evolving," writes ZDNet's Emil Protalinski. "Instead of trying to mimic a popular app, OpFake now simply installs the real version. As a result, the user is less suspicious that something is wrong."

"'More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives,' the researchers commented," writes Help Net Security's Zeljka Zorz. "In the meantime, the malware works quietly in the background, sending a premium-rate SMS, retrieving data from a C&C server, and exfiltrating information such as country location, operator name, OS version, phone type and device ID (IMEI) to it. Users are advised always to download apps from legitimate and well-reputed online stores in order to minimize the possibility of downloading malware instead."