Downloading mobile games? Symantec warns that there may be thieves in your “Temple Run” download. The creators of the Android.Opfake threat have struck again, and with guile, no less. Symantec have recently discovered several dummy sites that pass malware off as games such as Temple Run. While most dummy sites are easily spotted, the Opfake team have gone to great lengths to ensure that users will fall for their schemes, going as far as including images of devices playing the games.
All of the front-end sites connect back to a central back-end site that acts as a file generator or repository. Most tech-savvy users would probably have identified the sites below as unsafe; the following list includes some of the front-end sites Symantec have identified so far:
That being said, there may be many others out there, so do be careful when downloading from unsecured sites. More details and analysis are provided in the following blog produced by Symantec’s Security Response team:
http://www.symantec.com/connect/blogs/thieves-temple-androidopfake-makes-another-run
In addition, Symantec has published a new whitepaper detailing the inner workings of the Opfake malware. On the surface the threat may appear to use a legitimate business model to generate revenue, but a technical analysis reveals the unforeseeable risks it creates for end users. The paper can be found here: