If you’re using Facebook on your Android smartphone, you should be just as careful clicking on links as you would (hopefully) be on a desktop computer.
A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become “friends” or not.
As the following video demonstrates, a link on the user’s Facebook profile redirected my browser to a webpage that downloaded malware automatically onto my Android phone.
The malware package was called any_name.apk, and appears to have been designed to earn money for fraudsters through premium rate phone services.
Alarm bells definitely rang when I noticed the app was using a class name which attempted to associate it with the legitimate Opera browser app:
An encrypted configuration file inside the package includes the dialling codes for all supported countries (for instance, the UK is in there) and the premium rate number and text of the SMS message which it intends to send.
Although the app makes a pretence of informing you what it plans to do when you first run the program, it is being pushy in the extreme by installing itself without your permission.
What’s even more suspicious is that when I revisited the URL on my Android smartphone a few days later, I was redirected to another website which downloaded a different app (allnew.apk) which had the same functionality as the earlier sample, but was non-identical on a binary level.
Clearly someone is busy creating new variants of this malware.
Sophos products detect the malicious app as Andr/Opfake-C.
Take care everyone.
Update: In answer to some readers’ questions, it’s important to note that the malware does not install itself automatically onto the Android smartphone. Instead, what we saw was the malicious APK file downloaded onto the device. There does, of course, remain the risk that a user might be tricked into manually installing the app – perhaps through social engineering.
As always, be very careful what you install onto your Android phone, and check the permissions that it asks for. You may also like to consider installing some free anti-virus onto your Android device.
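One way to check a downloaded APK for SMS and dialling permissions before installing it, shown as an added example that is not part of the original post or any Sophos tooling. It assumes a simple heuristic (searching the compiled manifest's string pool for permission names rather than decoding the binary XML); the function names are hypothetical and the sample APK is constructed inline.

```python
import io
import zipfile

# Real Android permission names that let an app run up charges.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS, including to premium rate numbers",
    "android.permission.CALL_PHONE": "can dial numbers without user confirmation",
    "android.permission.RECEIVE_SMS": "can read incoming SMS as it arrives",
}


def risky_permissions(apk_bytes):
    """Return {permission: reason} for risky names found in the manifest.

    Heuristic (assumption of this example): the compiled AndroidManifest.xml
    keeps its strings in a pool encoded as UTF-16LE or UTF-8, so the raw
    bytes are searched for each name instead of decoding the binary XML.
    """
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        try:
            manifest = apk.read("AndroidManifest.xml")
        except KeyError:
            raise ValueError("not an APK: AndroidManifest.xml missing") from None
    found = {}
    for name, reason in RISKY.items():
        if name.encode("utf-16-le") in manifest or name.encode("utf-8") in manifest:
            found[name] = reason
    return found


def build_sample_apk(permissions):
    """Constructed stand-in for a downloaded APK (not a real sample)."""
    pool = b"\x00\x00".join(p.encode("utf-16-le") for p in permissions)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool)
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk(
        ["android.permission.INTERNET", "android.permission.SEND_SMS"]
    )
    for perm, why in risky_permissions(sample).items():
        print(f"{perm}: {why}")
```

A hit on `SEND_SMS` in an app presenting itself as a web browser is the kind of mismatch worth stopping on; an empty result does not mean the file is safe.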