New Android Trojan is as complex as Windows malware
Posted on 07.06.2013
Mobile (and especially Android) malware is on the rise, and according to researchers from Kaspersky Lab, its complexity is also increasing.

Case in point: Backdoor.AndroidOS.Obad.a.

This newly discovered Trojan has obviously been constructed by someone who knows quite a bit about the Android platform, as the creator has taken advantage of multiple known and previously unknown errors and vulnerabilities in the OS to make the analysis of the file difficult.

An error in the software that analysts use to convert APK files into the JAR format, which is more convenient for analysis, has been exploited to prevent that conversion and make static analysis of the Trojan more difficult.

Two bugs in the Android operating system itself have also been used: one to modify a file in a way that makes dynamic analysis of the malware harder, and one to extend Device Administrator privileges to the app without making it obvious (i.e. without adding it to the list of applications that have such privileges).

This, and the fact that the Trojan does not have an interface, makes it impossible to delete it once the device is compromised.

The creators have also done a good job with encrypting and obfuscating most of the code - strings, names of classes and methods, and so on.

The Trojan is able to do a number of things: block the device's screen for up to 10 seconds; harvest information such as the name of the operator, phone number, IMEI, the phone user's account balance, and whether Device Administrator privileges have been obtained, and send it to a remote C&C server; download additional malware; send messages to premium-rate numbers; send the downloaded malware to other nearby devices via Bluetooth, and so on.

"Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans," the researchers noted, referring both to its intricacy and the number of unpublished vulnerabilities it exploits - the existence of which has now been shared with Google researchers.









Copyright 1998-2014 by Help Net Security.