Trend Micro said: The recent rise of mobile computing has further signaled the need for users to have a good, reliable mobile browser, such as Opera Mini, installed on their smartphones or any mobile device. We believe that it is for this reason that cybercriminals are currently using Opera Mobile as a disguise for mobile malware.
We encountered a website that seems to have been designed to be viewed on a mobile device. The site, which is in Russian, appears to look like the Opera site. It immediately informs visitors that they need to upgrade their version of Opera Mini. Below are screenshots of OperaMini.jar when installed in a mobile phone.
Below is a screenshot of the said site:
All of the links in the website lead to the download of the malicious file OperaMini.jar, which is now detected as J2ME_FAKEBROWS.A.
When executed on the device, it checks if the mobile phone uses certain service centers and then proceeds to send text messages to premium numbers. It affects mobile devices that support MIDlets, which are Java programs for embedded devices, specifically the Java 2 Micro Edition (J2ME).
Update as of October 3, 2011, 4:45 AM PST
We were able to find another mobile malware that arrives as a fake Opera Mini installer. This malware, however, targets Android users. Detected as ANDROIDOS_FAKEBROWS.A, this malware is a premium service abuser: it sends messages to premium numbers, leaving affected users with unwanted charges.
As advised above, users are advised to install Opera Mini on their devices by directly accessing the Opera site, to avoid being victimized by such attacks.