Trojan-SMS.AndroidOS.Opfake

Detect Date 09/29/2015
Class Trojan-SMS
Platform AndroidOS
Description

Malicious programs of this family display a window that imitates installation of legitimate software. During or after installation, the malware secretly sends SMS messages to premium-rate short numbers without the user’s knowledge.

Over time, this malware family has evolved. Instead of imitating installation of legitimate software, some Trojans in this family immediately ask the user for administrator rights on the device. The Trojans then use these administrator rights to become invisible in the list of installed apps.

The family is named Opfake because early versions imitated installation of the Opera browser.

Geographical distribution of attacks by the Trojan-SMS.AndroidOS.Opfake family

opfake_eng_andr

Geographical distribution of attacks during the period from 31 July 2014 to 3 August 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russia 74.75
2 Vietnam 10.79
3 Kazakhstan 4.14
4 Ukraine 3.39
5 Belarus 1.19
6 Germany 0.53
7 Azerbaijan 0.47
8 Uzbekistan 0.39
9 Tajikistan 0.38
10 India 0.29

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware