James Delahunty
18 May 2012 19:46
Android.Opfake rips off mostly Russian users.
Symantec reports hundreds of fake websites, some which appear to be websites dedicated to specific popular apps, while others pretend to be app market sites.
When a user downloads an installation file, it appears to install the app on the device, but then redirects the user to Google Play, where they can download the app for free. By this time, the first installation - which was the malicious software - has already sent off a premium SMS message and the user will be charged for it.
Symantec has repeated its call (and that of all security software peddlers) for users to install apps only from trusted sources, and also to read the permissions that are requested by app.
It points out, as an example, that a game usually would not require the ability to send SMS messages. If you are uncomfortable with the permissions required by any apps, from any source, you should opt not to install them.