Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Malware Campaign Targeting Opera Mobile

March 14, 2012 - 2 min read
I've stumbled upon hundreds of links targeting Opera Mobile users, to trick them into installing a malware on the device.

The links are in the form of:


Each has a different phpsessid value. The domain was registered last month (02/12/2012) and does not seem to host any legitimate content.

These pages redirect to another domain, mskmarkets.ru (hxxp://mskmarkets.ru/l.php?l=o4&r=2695&a=29#phpsessid=afe9720a74a56800a2bd682b171e9914) where users are warned in Russian that their browser is out of date:

WARNING! An update your browser!
Your browser version is outdated, your phone is at risk of infection by dangerous virus!
We strongly recommend that you upgrade your browser. To update, click Update.

Note that a Google Chrome favicon is used and the page leverages the same theme and icons as Opera Mobile. The source code has multiple references to Opera (CSS, links, etc.) and targets WAP-enabled devices.

When the user clicks on the Refresh button, the file browser_update.jar gets downloaded (and possibly installed, I don't have the right device to test). This malicious Java application is currently flagged by 8 of 43 AV engines as an SMS sender. This type of malware is very common on mobile devices. They are used for spam or contact surcharged phone numbers.

According to Wikipedia, Opera has a huge market share in Russia and Eastern Europe, with more than 36% of the browser market (only 2.7% world-wide).

With the lack of effective AV and other security tools on smartphones, especially on low-end devices, mobile users must be very careful about downloading and installing applications, especially outside of the official app stores.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.