Behold, the world’s most sophisticated Android trojan

June 7, 2013 – 5:09 PM

Recently discovered malware targeting Android smartphones exploits previously unknown vulnerabilities in the Google operating system and borrows highly advanced functionality more typical of malicious Windows applications, making it the world’s most sophisticated Android Trojan, a security researcher said.

The infection, named Backdoor.AndroidOS.Obad.a, isn’t very widespread at the moment. It does, however, give an idea of the types of smartphone malware that are possible, according to Kaspersky Lab expert Roman Unuchek in a blog post published Thursday. In sharp contrast to the mostly rudimentary Android malware circulating today, the highly stealthy Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to nearby handsets, and allows attackers to issue malicious commands using standard SMS text messages.

“To conclude this review, we would like to add that Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits,” Unuchek wrote. “This means that the complexity of Android malware programs is growing rapidly alongside their numbers.”

Google representatives didn’t respond to an e-mail seeking comment for this post. The trojan is initially distributed through spammed text messages. There’s no indication it’s hosted in the Google Play market for Android apps, so it appears to infect only phones that have been configured to “sideload” apps available from alternative sources.

The malware exploits a previously unknown Android bug that allows it to gain stealthy, persistent, and highly privileged access to the phone’s inner workings. “By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges,” Unuchek said. “As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges.”

