A security firm posted information about a new Android Trojan that appears unlike anything seen before when it comes to complexity and the number of malicious actions it’s able to perform.
Called Backdoor.AndroidOS.Obad.a, the malware is compared to malicious threats that usually target Windows, not Android. The new malware uses several exploits, some of them new to security researchers from Kaspersky, who discovered Obad.a.
The Trojan is able to perform a variety of tasks once installed, and it appears to be impossible to remove, as Obad.a doesn’t even have an interface, and acts directly from the background, without alerting the user that a malicious app is running.
The Trojan is encrypted, and needs an Internet connection in order to install and perform malicious tasks. Once it’s installed, it can gain Device Administrator privileges (without showing up in the list of apps that have such powers) and root privileges to further achieve its goals.
Here’s what the malware can do, according to Kaspersky:
- Send text message. Parameters contain number and text. Replies are deleted.
- Receive account balance via USSD.
- Act as proxy (send specified data to specified address, and communicate the response).
- Connect to specified address (clicker).
- Download a file from the server and install it.
- Send a list of applications installed on the smartphone to the server.
- Send information about an installed application specified by the C&C server.
- Send the user’s contact data to the server.
- Remote Shell. Executes commands in the console, as specified by the cybercriminal.
- Send a file to all detected Bluetooth devices.
Because it comes encrypted before installing itself on the device, and because it uses certain vulnerabilities, analysis and detection of this particular program may be difficult. However, despite its complexity, the sophisticated Trojan is not widespread, and it’s said to have infected only a certain number of devices, most of them in Russia.
At the same time, it’s not clear who devised the program, and what their intentions were for it.
No connection between existing Google Play Store apps and the Trojan has been established, so it looks like the malicious app is downloaded from other app sources. But Google has been informed about the new Android vulnerability that Obad.a uses, which will probably be patched in the near future.
As always when talking about Android malware, we’ll advise exercising caution when getting apps from untrusted sources. Paying attention to what you install on your devices can save you the trouble of having to deal with the consequences of malware apps. There are also a variety of security applications to help protect your device, but as long as you’re careful with what you download on your handset and/or tablet you should be fine, no matter what Android malware apps may be out there.
Via: Android Authority