All of the front-end dummy game sites connect to a central back-end site that acts as a file generator or repository, explained Symantec researcher Irfan Asrar in a blog.
The attackers have even gone so far as to include images of actual devices playing the games in an attempt to convince users that the malicious versions are actually legitimate, Asrar explained.
In addition, Symantec has published a white paper detailing the workings of the Opfake malware. The paper describes how on the surface the threat may appear to utilize a legitimate business model to generate revenue, but a technical analysis reveals the risks it creates for end users.
The Opfake malware masquerades as various apps and content, including an installer for the Opera Web browser and a pornographic movie, all of which the user is required to pay for. It collects that payment by sending premium-rate text messages from the device, the white paper explained.
The malware also displays a service agreement that describes the use of paid text messages; the agreement is written in Russian because the malware author is targeting users in Russia.
“What [the Opfake developers] are trying to do is make money by sending premium text messages”, said Kevin Haley, director of Symantec Security Response. “What they are trying to do is make it seem like you have agreed to sending these text messages. As part of agreeing to install the app a text message gets sent that you have to pay for”, he told Infosecurity.
“They could almost make the argument that this is what you agreed to when you downloaded the game. Unfortunately, they don’t give you the option of not sending the text message and they don’t make it clear that they are doing it and they don’t tell you how much it is going to cost”, Haley explained.
Haley advised users to install antivirus software on their phone, use trusted marketplaces such as Google Play, and check the permissions of an app. “If you don’t like what the permissions are requesting, then don’t install the app”, he concluded.
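The permission check Haley recommends can be turned into a simple triage step for sideloaded apps. The script below is an added example, not Symantec's tooling or anything from the white paper: it pulls the `uses-permission` entries out of an Android manifest and flags the SMS permissions a premium-SMS trojan like Opfake depends on, plus any permission that a game or browser installer has no plausible reason to request. The category baselines and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace used for android:name attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app send, receive or read text messages. SEND_SMS is the
# capability a premium-SMS trojan needs; RECEIVE_SMS / READ_SMS let it see carrier
# confirmation messages.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
}

# Assumption (constructed for this example): a rough baseline of what each kind of
# app plausibly needs. Anything outside it is worth a second look before installing.
EXPECTED = {
    "game": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
        "android.permission.VIBRATE",
        "android.permission.WAKE_LOCK",
    },
    "browser": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
}


def parse_manifest_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return names


def assess(app_kind, permissions):
    """Rate an app's permission set against the baseline for its claimed kind.

    Returns a dict with an overall risk level, the SMS permissions found, and the
    remaining permissions that fall outside the baseline.
    """
    baseline = EXPECTED.get(app_kind, set())
    sms = sorted(permissions & SMS_PERMISSIONS)
    unexpected = sorted(permissions - baseline - SMS_PERMISSIONS)
    if sms:
        risk = "high"      # a game or browser installer has no business sending SMS
    elif unexpected:
        risk = "medium"    # not SMS, but still more than the app should need
    else:
        risk = "low"
    return {"risk": risk, "sms": sms, "unexpected": unexpected}


# Constructed sample: a "game" manifest that also asks to send text messages.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Free Game"/>
</manifest>
"""

if __name__ == "__main__":
    perms = parse_manifest_permissions(SAMPLE_MANIFEST)
    print(assess("game", perms))
```

The same check applies to a manifest pulled from any APK with a tool such as `aapt`; the point is that an app presenting itself as a game or a browser installer while asking for `SEND_SMS` is exactly the mismatch Haley describes, and it is visible before installation.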