Kaspersky Lab has published details of a new Android Trojan that is unlike anything seen before on the platform, both in its complexity and in the number of malicious actions it can perform.
Detected as Backdoor.AndroidOS.Obad.a, the malware is closer in sophistication to the threats that usually target Windows than to typical Android malware. It exploits several Android vulnerabilities, some of them previously unknown to the Kaspersky researchers who discovered it.
Once installed, the Trojan can perform a wide range of tasks and is extremely hard to remove. Obad.a has no user interface at all: it runs entirely in the background, giving the user no sign that a malicious app is active.
The Trojan's code is encrypted and obfuscated, and it needs an internet connection to unpack itself and carry out its tasks. Once installed, it obtains device administrator privileges but hides itself from the list of apps that hold such powers, so the user cannot revoke them and uninstall it the normal way; it also seeks root privileges to further its goals.
Here’s what the malware can do, according to Kaspersky:
- Send text messages. Parameters contain number and text. Replies are deleted.
- Receive account balance via USSD.
- Act as proxy (send specified data to specified address, and communicate the response).
- Connect to specified address (clicker).
- Download a file from the server and install it.
- Send a list of applications installed on the smartphone to the server.
- Send information about an installed application specified by the C&C server.
- Send the user’s contact data to the server.
- Remote Shell. Executes commands in the console, as specified by the cybercriminal.
- Send a file to all detected Bluetooth devices.
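The capability list above doubles as a static triage checklist: nearly every item needs a specific Android permission, device-administrator receivers must declare `android.permission.BIND_DEVICE_ADMIN`, and a Trojan with no interface has no launcher activity. The script below is an added example, not Kaspersky's detection logic, that scores an AndroidManifest.xml against those traits. The permission-to-capability mapping is the author's assumption (installing downloaded packages and listing installed apps need no permission on the Android versions of the time, so they are omitted), and both manifests are constructed for the example.

```python
"""Static triage of an AndroidManifest.xml against the Obad.a capability list.
Added example; the permission mapping is an assumption, not a detection signature."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = "{%s}name" % ANDROID_NS
A_PERMISSION = "{%s}permission" % ANDROID_NS

# Capability from the report -> permissions an app needs to carry it out.
# Assumed mapping using the standard android.permission.* constants.
CAPABILITIES = {
    "send SMS and suppress replies": {"android.permission.SEND_SMS",
                                      "android.permission.RECEIVE_SMS"},
    "query balance via USSD": {"android.permission.CALL_PHONE"},
    "proxy / clicker / C&C traffic": {"android.permission.INTERNET"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "push files over Bluetooth": {"android.permission.BLUETOOTH",
                                  "android.permission.BLUETOOTH_ADMIN"},
}

# Constructed sample: a manifest that requests everything the report lists,
# registers a device-admin receiver and has no launcher activity.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="%s" package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>
  <application android:label="Updater">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>""" % ANDROID_NS

# Constructed sample: an ordinary app with one permission and a launcher icon.
BENIGN_MANIFEST = """<manifest xmlns:android="%s" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight">
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>""" % ANDROID_NS


def requested_permissions(root):
    """All android:name values of <uses-permission> elements."""
    return {el.get(A_NAME) for el in root.iter("uses-permission") if el.get(A_NAME)}


def declares_device_admin(root):
    """True if any <receiver> is protected by BIND_DEVICE_ADMIN, i.e. the app
    can be made a device administrator."""
    return any(r.get(A_PERMISSION) == "android.permission.BIND_DEVICE_ADMIN"
               for r in root.iter("receiver"))


def has_launcher_activity(root):
    """True if some activity has a MAIN/LAUNCHER intent filter (a home-screen icon)."""
    for activity in root.iter("activity"):
        for flt in activity.iter("intent-filter"):
            actions = {a.get(A_NAME) for a in flt.iter("action")}
            categories = {c.get(A_NAME) for c in flt.iter("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in categories):
                return True
    return False


def triage(manifest_xml):
    """Score a manifest: one point per matched capability, two for a
    device-admin receiver, one for having no launcher activity."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    matched = sorted(cap for cap, needed in CAPABILITIES.items() if needed <= perms)
    admin = declares_device_admin(root)
    launcher = has_launcher_activity(root)
    score = len(matched) + (2 if admin else 0) + (0 if launcher else 1)
    return {"permissions": perms, "capabilities": matched,
            "device_admin": admin, "launcher_activity": launcher, "score": score}


if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(xml))
```

The score is a triage heuristic, not a verdict: INTERNET alone matches the proxy/clicker item, so a benign app still scores one point, and an app whose manifest deliberately breaks analysis tools would have to be unpacked before this check can run at all.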
Because its code is encrypted and obfuscated, and because it exploits several vulnerabilities, Obad.a is difficult both to analyze and to detect. Despite its sophistication, however, it is not widespread: it is reported to have infected only a small number of devices, most of them in Russia.
It is also not clear who wrote the program or what they intend to do with it.
No connection between the Trojan and any app on the Google Play Store has been established, so it appears to be distributed through other app sources. Google has been informed of the Android vulnerability Obad.a uses, which should help catch the Trojan if it is ever repackaged inside seemingly legitimate apps submitted for distribution via Google Play.
As always with Android malware, we advise caution when installing apps from untrusted sources: a moment spent checking what you put on your device can spare you the trouble of cleaning up afterwards. Security apps add a further layer of protection, but care about what you install on your handset or tablet remains the first line of defense. Note that the usual manual check, reviewing the list of device administrators in the security settings, would not reveal Obad.a, since it hides its privileges from that very list.