Symantec researchers recently uncovered a new version of the Android.Opfake malware that tricks its victims into paying to download free Android apps.
"When a user downloads an installation file, it appears to install the app on the device, but then redirects the user to Google Play, where they can download the app for free. By this time, the first installation -- which was the malicious software -- has already sent off a premium SMS message and the user will be charged for it," writes AfterDawn's James Delahunty.
"The end result makes it so obvious that Android.Opfake is fraudulent because it directs the device owner to Google Play to install the app even though installation had already happened," writes Symantec's Joji Hamada. "In this instance, the apps are hosted on dedicated sites as well as fake app markets -- typical for Android.Opfake."
"So when this secondary installation finishes, users are shown an agreement which they have to confirm," Geek with Laptop reports. "At the bottom there’s a line which indicates users will be charged for this service, however it’s so far down that it’s possible to miss it entirely."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Please only install apps from Google Play unless you are absolutely certain who wrote the software you want to install," begs ZDNet's Emil Protalinski. "Fighting malware isn’t just the responsibility of security firms: you also have to be smart about what you install."
Symantec's Hamada points out one easy way for users to see that something's wrong in this particular case: prior to installation, the app requests SMS-related permissions, which shouldn't be required for a free gaming app.