Malicious programs of this family display a window that imitates installation of legitimate software. During or after installation, the malware secretly sends SMS messages to premium-rate short numbers without the user’s knowledge.
Over time, this malware family has evolved. Instead of imitating installation of legitimate software, some Trojans in this family immediately ask the user for administrator rights on the device. The Trojans then use these administrator rights to become invisible in the list of installed apps.
The family is named Opfake because early versions imitated installation of the Opera browser.
Geographical distribution of attacks by the Trojan-SMS.AndroidOS.Opfake family
Geographical distribution of attacks during the period from 31 July 2014 to 3 August 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide who were attacked by this malware