
New Android Trojan Mirrors Traditional Malware Complexity

Researchers at Kaspersky Lab have discovered an Android Trojan so advanced, that during the first examination, the company said, the research team knew it was special. In a blog post describing the function of the latest Android threat, Kaspersky noted that the complexity in the Trojan’s code is similar to Windows malware.

Kaspersky has named the malware Obad.a. After decrypting the strings in the DEX file and de-obfuscating the code, the researchers found a multi-function Trojan: Obad.a can send SMS messages to premium-rate numbers, download additional malware and install it on the infected handset or on other devices reachable over Bluetooth, and give an attacker remote command execution through a console. To make matters worse, the malware runs in the background and has no user interface, so the victim sees nothing.
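The first analysis step mentioned above, pulling the string table out of a DEX file and deciding which entries are plaintext and which look encrypted, is shown below as an added example. It is not code from Kaspersky's write-up and knows nothing about Obad.a's real cipher. The DEX layout it reads (0x70-byte header, string_ids table at the offsets in the header, MUTF-8 string_data_item) is the documented format; the sample DEX, the entropy threshold and the base64-style test are constructed assumptions.

```python
"""Extract the DEX string table and flag strings that look encrypted.

Added example for this article, not Kaspersky's tooling; thresholds are assumptions.
"""
import math
import string
import struct
from collections import Counter

DEX_HEADER_SIZE = 0x70          # fixed-size header at the start of every .dex
STRING_IDS_SIZE_OFF = 0x38      # header field: number of string_id_items
STRING_IDS_OFF_OFF = 0x3C       # header field: file offset of the string_ids table
B64_ALPHABET = set(string.ascii_letters + string.digits + "+/=")


def read_uleb128(buf, off):
    """Decode an unsigned LEB128 value at buf[off]; return (value, next_off)."""
    value, shift = 0, 0
    while True:
        b = buf[off]
        off += 1
        value |= (b & 0x7F) << shift
        if not (b & 0x80):
            return value, off
        shift += 7


def dex_strings(buf):
    """Walk string_ids -> string_data_item and return every string in the DEX."""
    if buf[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, table_off = struct.unpack_from("<II", buf, STRING_IDS_SIZE_OFF)
    result = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", buf, table_off + 4 * i)
        _utf16_len, p = read_uleb128(buf, data_off)
        # string_data_item is MUTF-8: an embedded NUL is encoded as C0 80, so the
        # first raw 0x00 byte after the length is always the terminator.
        end = buf.index(b"\x00", p)
        result.append(buf[p:end].decode("utf-8", errors="replace"))
    return result


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_encrypted(s, min_len=12, min_entropy=4.0):
    """Heuristic: raw ciphertext bytes, or base64-looking text with high entropy."""
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in s):
        return True                      # control/non-ASCII bytes inside a "string"
    if len(s) < min_len or not set(s) <= B64_ALPHABET:
        return False                     # too short, or uses chars base64 never does
    mixed = (any(c.isupper() for c in s) and any(c.islower() for c in s)
             and any(c.isdigit() for c in s))
    return mixed and shannon_entropy(s) >= min_entropy


def triage(buf):
    """Count the strings and list the ones that look like ciphertext."""
    strs = dex_strings(buf)
    return {"total": len(strs), "suspicious": [s for s in strs if looks_encrypted(s)]}


def write_uleb128(value):
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        out.append((byte | 0x80) if value else byte)
        if not value:
            return bytes(out)


def build_sample_dex(strings):
    """Constructed, minimal DEX: only the fields dex_strings() reads are filled in
    (no checksum, no map, no classes), just enough to exercise the parser offline."""
    header = bytearray(DEX_HEADER_SIZE)
    header[:8] = b"dex\n035\x00"
    ids_off = DEX_HEADER_SIZE
    data_base = ids_off + 4 * len(strings)
    struct.pack_into("<II", header, STRING_IDS_SIZE_OFF, len(strings), ids_off)
    ids, data = bytearray(), bytearray()
    for s in strings:
        ids += struct.pack("<I", data_base + len(data))
        data += write_uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    return bytes(header + ids + data)


# Constructed sample: three normal identifiers, a constant, and three "encrypted" entries.
SAMPLE_STRINGS = ["Ljava/lang/String;", "sendTextMessage", "<init>",
                  "q8Zk3mP1xT9LwVnB2cYd7Rf=", "Hello",
                  "Xk9vQ2a+LmT0pR5zWb3J", "\x02\x7fXYZ"]
SAMPLE_DEX = build_sample_dex(SAMPLE_STRINGS)

if __name__ == "__main__":
    for s in dex_strings(SAMPLE_DEX):
        print(("ENC? " if looks_encrypted(s) else "     ") + repr(s))
```

On a real sample you would pass the bytes of `classes.dex` (unzipped from the APK) to `triage()`. A string table where nearly everything is flagged is the signal Kaspersky describes: not one or two secrets hidden, but every string opaque until the decryption routine is located and reimplemented.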

“Malware writers typically try to make the codes in their creations as complicated as possible, to make life more difficult for anti-malware experts. However, it is rare to see concealment as advanced as Obad.a’s in mobile malware. Moreover, this complete code obfuscation was not the only odd thing about the new Trojan,” commented Kaspersky’s Roman Unuchek.

The other oddity is that the malware leverages three previously unpublished vulnerabilities. The first is in dex2jar, a tool that converts the DEX bytecode inside an APK into a Java Archive (JAR); a bug in a converter does nothing for the malware on the handset, it exists to break the tooling analysts rely on. The second is in the Android OS itself, in how the AndroidManifest.xml file is processed. The third lets the attackers build an application with extended Device Administrator privileges that does not appear in the list of applications holding such privileges.
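As an added example (not Kaspersky's tooling, and not from the malware), the script below performs the static triage an analyst runs against a decoded AndroidManifest.xml to surface the two capabilities named here: a receiver wired up as a device administrator, and the SMS permissions needed for premium-rate messaging. The manifest it parses is a constructed sample with an invented package and receiver name; the tags and attribute names checked are the standard Android ones.

```python
"""Static triage of a decoded AndroidManifest.xml for device-admin and SMS capabilities.

Added example for this article, not Kaspersky's tooling. SAMPLE_MANIFEST is a
constructed sample; the package and receiver names are invented.
"""
import xml.etree.ElementTree as ET

# ElementTree expands the android: prefix to this Clark-notation form.
ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"
SMS_PERMISSIONS = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"}

SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Sample">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def device_admin_receivers(manifest_xml):
    """Return receivers wired up as device administrators.

    A normal admin receiver declares both halves: the BIND_DEVICE_ADMIN permission
    (so only the system can bind it) and the DEVICE_ADMIN_ENABLED action. Either
    half on its own is reported too, since an unusual declaration is exactly what
    an analyst wants to look at."""
    root = ET.fromstring(manifest_xml)
    found = []
    for recv in root.iter("receiver"):
        perm = recv.get(ANDROID + "permission")
        actions = {a.get(ANDROID + "name") for a in recv.iter("action")}
        if perm == BIND_DEVICE_ADMIN or DEVICE_ADMIN_ENABLED in actions:
            found.append({
                "name": recv.get(ANDROID + "name"),
                "has_bind_permission": perm == BIND_DEVICE_ADMIN,
                "has_enabled_action": DEVICE_ADMIN_ENABLED in actions,
            })
    return found


def requested_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    return sorted(p.get(ANDROID + "name") for p in root.iter("uses-permission"))


def triage_manifest(manifest_xml):
    """Summarise the device-admin receivers and SMS permissions an APK declares."""
    perms = set(requested_permissions(manifest_xml))
    return {
        "device_admin": device_admin_receivers(manifest_xml),
        "sms": sorted(perms & SMS_PERMISSIONS),
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(key, value)
```

Two caveats for use against a sample like the one described here. First, this check runs on a manifest that a decoder has already turned back into XML; if the decoder fails on the manifest, treat that failure as a finding rather than a tooling error, since a manifest the OS accepts but analysis tools reject is precisely the kind of thing the article describes. Second, the manifest tells you what the app asks for, not what the device shows: an app that has obtained device-admin rights while staying off the Settings list will still carry the declaration here, so a manifest hit is worth checking against `dumpsys device_policy` on the handset.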

“As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges,” Unuchek noted.

Despite such impressive capabilities, Unuchek wrote, Backdoor.AndroidOS.Obad.a is not very widespread. In fact, the malware itself has only been detected inside the Russian Federation.

“[We] would like to add that Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits. This means that the complexity of Android malware programs is growing rapidly alongside their numbers…”
