Variants in the OpFake family send SMS messages to premium-rate numbers.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note You need administrative rights to change the settings.
The OpFake malware family include variants that operate on the Android, Symbian and Windows Mobile platforms. All variants essentially sends SMS messages to premium-rate numbers.
The first variant, OpFake.A is disguised as an Opera Mini web browser updater, to the extent of adding an Opera icon on the menu and displaying a fake download progress bar to make it appear that the application is actually downloading, and a fake license.
In addition to sending out SMS messages to premium-rate numbers, the malware also monitors SMS messages and is capable of deleting/moving messages based on the originating phone numbers and message content. Subsequent variants share similar technical details.
This malware is also discussed in the following Labs Weblog post:
This malware is discussed in further detail in: