Feeds

Sneaky new Android Trojan is WORST yet discovered

Sophisticated code stays hidden but can wreak havoc

Secure remote control for conventional and virtual desktops

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified.

In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being closer to Windows malware than to your typical mobile Trojan, owing to its complexity and sophistication.

Obad uses multiple layers of encryption and code obfuscation to conceal what it's doing, and it exploits previously unknown vulnerabilities in the Android OS to gain near total control over a device.

It runs in the background and has no visible user interface, but communicates with command and control (C&C) servers over the device's internet connection, and can even accept commands via SMS text messages.

Worse, once Obad gains Device Administrator privileges, it takes advantage of an Android vulnerability to hide itself from the list of applications that have such privileges, making it impossible for the user to remove it from the device.

Once installed, Obad can be commanded to perform a variety of functions. It can connect to internet addresses, ping servers, download files from servers and install them, and send text messages. It can also send data about the compromised device to the C&C servers, including information about installed applications and the user's contact data.

Screenshot showing Obad Android Trojan activity

Don't do it

On the more sophisticated side, Obad can allow cybercriminals to execute console commands via remote shell, send files to all detected Bluetooth devices, and can act as a proxy server, sending data to a specified address and returning the response.

What's more, Obad has the ability to block the device's screen for up to ten seconds, to help conceal its malicious activity from the user.

Kaspersky Lab has offered no theory as to who might be running the Obad malware, and no point of origin has been identified.

Unuchek says Kaspersky has already informed Google about the Android vulnerabilities exploited by the Trojan, and Obad can now be detected by security software from Kaspersky and other vendors.

If there is a bright spot to any of this, it's that however sophisticated, Obad is still relatively rare. Over a three-day observation period, Kaspersky Lab found that Obad accounted for no more than 0.15 per cent of all attempts to infect mobile devices with malware – for now, at least. ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.