Most advanced Android malware threat yet: Obad.a

by: Chris Smith, June 8, 2013


A security firm posted information about a new Android Trojan that appears unlike anything seen before when it comes to complexity and the number of malicious actions it’s able to perform.

Called Backdoor.AndroidOS.Obad.a, the malware is compared by Kaspersky, whose researchers discovered it, to the kind of malicious threats that usually target Windows rather than Android. The new malware uses several exploits, some of them previously unknown to the researchers.

The Trojan is able to perform a variety of tasks once installed, and it appears to be very hard to remove: Obad.a has no user interface at all and operates entirely in the background, without alerting the user that a malicious app is running.

The Trojan is encrypted, and needs an internet connection in order to install and perform its intended malicious tasks. Once installed, it obtains device administrator privileges (without showing up in the list of apps that hold such powers) and attempts to gain root privileges to further achieve its goals.

Here’s what the malware can do, according to Kaspersky:

  • Send text messages. Parameters contain number and text. Replies are deleted.
  • PING.
  • Receive account balance via USSD.
  • Act as proxy (send specified data to specified address, and communicate the response).
  • Connect to specified address (clicker).
  • Download a file from the server and install it.
  • Send a list of applications installed on the smartphone to the server.
  • Send information about an installed application specified by the C&C server.
  • Send the user’s contact data to the server.
  • Remote Shell. Executes commands in the console, as specified by the cybercriminal.
  • Send a file to all detected Bluetooth devices.

Because it arrives encrypted before installing itself on the device, and because it exploits certain vulnerabilities, analysis and detection of this particular program may be very difficult. However, despite its complexity, the Trojan is not widely spread, and is said to have infected only a limited number of devices, most of them in Russia.

At the same time, it’s not clear who devised the program, and what their intentions were for it.

No connection between existing Google Play Store apps and the Trojan has been established, so it looks like the malicious app is downloaded from other app sources. Google has, however, been informed about the Android vulnerability Obad.a uses, which should make it much easier to detect if it is repackaged into apps that appear legitimate and are submitted for distribution via Google Play.

As always when talking about Android malware, we advise exercising caution when getting apps from untrusted sources. Paying attention to what you install on your devices can save you the trouble of dealing with the consequences of malicious apps. There is also a variety of security applications that can help protect your device, but as long as you are careful about what you download onto your handset and/or tablet, you should be fine, no matter what Android malware may be out there.

  • Avinash Kumar

apple IOS (without the usual IOS crap) + Lumia 920 build + 3000 mAh battery = PERFECT PHONE

    • Chris Thomson

      So what’re you doing on AndroidAuthority exactly?

      • Limetime

I guess he's looking for his battery ;)

      • Ivan Myring

Disqus probably fucked up. It's happened to me in the past

      • Raaj

        That guy IS the malware!!!

    • milksop held

Umm no, Samsung Galaxy S4 built like the HTC One with an IPS screen, stock Android 4.2.2, 3100 mAh battery, iOS App Store merged with Google Play and S Pen support. There you have it, a perfect phone

      • Ivan Myring

        You sir, have devised the greatest phone ever.

      • Daniel DS

        Why S Pen when you can simply use your finger? >_>

    • SeraZR™

      umm no android = utter crappy failure

    • Guest

      Except that it’s running iOS. Android is a real OS. I can load media files directly to the phone and manage the phone like a normal computer. Apple has locked down the phone to such an extent that it’s unusable for about half the things I want to do.

  • Lil bit

Just don't sideload apps, how hard is it? Kids with rooted phones looking to sideload cracked payware games only get what they had coming, normal Android users don't even need antivirus or malware protection.

    • killer992

are you sure that this malware can't pass to a phone from Google Play? I am not as certain as you…

      • com.slut.dope

Everything is possible but highly unlikely. What are the chances for a normal user who installs 2-4 popular apps or games monthly, and no obscure stuff? You certainly have to do something to tempt destiny to get infected, you ain't gonna get this from Subway Surfers or SwiftKey on the Play Store.

        • Jakub Xotox Kovacs

          Obviously you can get it through BT, when you have it enabled.

    • lala

you do know a non-rooted phone can sideload cracked apps too, right?

      • Joshua Hill

        Are you poking fun at @Lil Bit or are you trying to inform other people here @lala ?

        You can side load apps without root but it is more inconvenient.

        • @+Mateus Crues

          Thanks @lala all knowledge is good knowledge!

        • Michael Muyunda

It's not inconvenient at all. All you have to do is check one option.

  • Micro Shaquer

Better be cautious... I've been using and enjoying premium apps on my S3, and these were sideloaded as .apk files through 4shared and other sites providing free premium Android apps.

    I noticed some of these apps don't start without an internet connection. Is using .apk files vulnerable to these malware threats?

    • com.slut.dope

No problem, if you get infected it was well deserved, seems to me you earned every malware you can get. As long as no innocent victims are infected it's OK and Android can still be considered to be very safe.

      • Micro Shaquer

That's unfair... give me nice advice instead.

        • George Av

THIS^ you're the ONE that can't find $1 for an app though you pay $600 for your S3..

          • SeraZR™


    • Michael

There are safe apps on 4shared and I've got a lot of safe premium apps from there, but I always scan the apps with Lookout pre-installation and Avast post-installation, and the chances of malware are 50/50

    • SeraZR™

well it's because of you pirating idiots that the game and app devs are suffering

    • ranger

If you're rooted, use DroidWall or any other good firewall to specify which apps can/cannot access the internet. Know which addresses apps connect to. Limit outgoing IP or subnet addresses.

Use a good antivirus. Update daily.

      Don't download APKs from random websites, 4shared etc. Get them from a reliable forum, from a reliable uploader/member, and if possible wait for other members to test/respond before you install the APK.

      Before installing, check the app permissions. Compare them with the original app's permissions on Google Play. Avoid any app with suspicious permissions like send SMS, phone calls, etc.

      And last, if you REALLY want to install pirated apk on your phone/device, don’t store any sensitive information on it!
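The permission comparison suggested in the comment above (check an APK's declared permissions against the legitimate app's, and flag ones that map onto the capabilities the article lists: SMS sending, USSD calls, contact harvesting, Bluetooth file pushing) can be scripted. The following is an added example, not code from the article, Kaspersky, or any commenter. It assumes permission dumps in the text format produced by `aapt dump permissions <apk>`; the sample dump, the package name `com.example.flashlight`, and the baseline permission set are all constructed for illustration.

```python
import re

# Constructed sample in the style of `aapt dump permissions`, for a
# hypothetical repackaged "flashlight" app. Not a real sample.
SAMPLE_DUMP = """package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.BLUETOOTH'
uses-permission: name='android.permission.BLUETOOTH_ADMIN'
"""

# Constructed baseline: what the genuine flashlight app (assumed) declares.
BASELINE = {"android.permission.CAMERA", "android.permission.INTERNET"}

# Permissions that correspond to capabilities described in the article.
# A legitimate flashlight app has no business asking for any of these.
SUSPICIOUS = {
    "android.permission.SEND_SMS": "can send text messages (parameters: number and text)",
    "android.permission.RECEIVE_SMS": "can intercept and delete SMS replies",
    "android.permission.CALL_PHONE": "can dial numbers, including USSD balance queries",
    "android.permission.READ_CONTACTS": "can send the user's contact data to a server",
    "android.permission.BLUETOOTH_ADMIN": "can discover devices and push files over Bluetooth",
}

# Accepts both `uses-permission: name='X'` (newer aapt) and
# `uses-permission: X` (older aapt) line shapes.
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([A-Za-z0-9_.]+)'?\s*$")
PKG_RE = re.compile(r"^package:\s*(\S+)")


def parse_permissions(dump_text):
    """Return (package_name, set_of_declared_permissions) from an aapt dump."""
    package = None
    perms = set()
    for line in dump_text.splitlines():
        line = line.strip()
        m = PKG_RE.match(line)
        if m:
            package = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return package, perms


def extra_permissions(declared, baseline):
    """Permissions the APK declares that the known-good version does not."""
    return declared - baseline


def flag_suspicious(perms):
    """Map each declared permission that is on the watch list to its reason."""
    return {p: SUSPICIOUS[p] for p in sorted(perms) if p in SUSPICIOUS}


def review(dump_text, baseline):
    """Full check: what is new versus baseline, and which of it is dangerous."""
    package, declared = parse_permissions(dump_text)
    extra = extra_permissions(declared, baseline)
    return {
        "package": package,
        "extra": sorted(extra),
        "flagged": flag_suspicious(extra),
    }


if __name__ == "__main__":
    report = review(SAMPLE_DUMP, BASELINE)
    print("package:", report["package"])
    print("permissions not in baseline:", report["extra"])
    for perm, reason in report["flagged"].items():
        print(f"  SUSPICIOUS {perm}: {reason}")
```

Run it against a real dump by piping `aapt dump permissions app.apk` into `parse_permissions`; the baseline should come from the same app's Play Store listing or a copy you trust. Plain `BLUETOOTH` is deliberately not on the watch list, since many benign apps use it; the discovery-and-pairing permission `BLUETOOTH_ADMIN` is the one that matters for the file-pushing behaviour.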

  • KillEmAllx

Just use Aptoide to get apps that are not in the market, or even cracked apps if you want. The whole "devs are suffering" thing is so butthurt. Android, a LINUX based OS, is open source, and completely FREE, as are all Linux-based OSes.
    Apps should be free, just put some ads on them or make a donate version of the app, or make a PRO version of it. I'm sure that people who like and enjoy the app would pay or donate for it to support the devs (I would).
    There's no point in just grabbing cracked apps all the time, as you know it's not safe and not "good" for the dev, but you wouldn't buy a car before you've tried it, would you?

    • Paul M

So the people whose job is to write software should do it for free, and simply beg in the streets for money so they can feed themselves?
      Most Android apps are developed by small organisations or individuals; there's no bloated corporation siphoning off the money like there is with music, for example.

      So, if you don’t have the money, and if there’s no version with ads to pay for it, then live without it!

      • KillEmAllx

So how do companies like Canonical make money, with their free OS Ubuntu? Or most game and app devs like Angry Birds or XDA devs?
        Ofc it's their job and they need to survive but I don't think pirated apps are destroying developers. That's why every app should have a LITE/PRO version, ads or donation versions.

        • Paul M

Canonical sell services like maintenance and support; the people who get the OS for free are also their testers.
          The XDA devs website is advertising driven.
          Rovio do quite well out of adverts – by choice – but you can pay to turn off adverts.

          Sure, I think it's sensible for apps to have a paid-for complete version and an advert-loaded "free" one, but it's their choice.

          Do you share your internet/wifi with neighbours? If not, how would you feel if they simply cracked the security and used it anyway?

          • KillEmAllx

            Well I don’t think devs get arrested for having horse porn on their computers when people crack their apps haha.