New trojan targets Android devices – and is almost impossible to remove
Owners of devices running Google's Android operating system were warned over the weekend against a new malware that a security vendor described as one of the most sophisticated it has encountered so far.
Kaspersky Labs said the malware, which it dubbed Backdoor.AndroidOS.Obad.a, exploits previously unknown bugs in Android to gain extended administrator privileges and make itself virtually impossible to delete.
"The creators of Backdoor.AndroidOS.Obad.a also used yet another previously unknown error in the Android operating system. By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges. As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges," it said.
It added that Backdoor.AndroidOS.Obad.a does not have an interface and works in background mode.
With extended Device Administrator privileges, the Trojan can block the device’s screen for up to 10 seconds after the device is connected to a free Wi-Fi network or Bluetooth is activated.
If it establishes a connection, the Trojan can copy itself and other malicious applications to other devices located nearby.
"We have already informed Google about the Device Administrator vulnerability in Android," it said.
Kaspersky said the malware can:
- send SMS to premium-rate numbers
- download other malware programs, installing them on the infected device and/or sending them further via Bluetooth
- remotely perform commands in the console.
Kaspersky also said the new malware's creators took steps to obfuscate the malware's code to make it hard for anti-malware experts to even analyze it.
Kaspersky said the Trojan first checks if Internet access is available, then downloads the page facebook.com.
"It extracts a certain element of that page, and uses it as decryption key. Thus, Backdoor.AndroidOS.Obad.a can only decrypt C&C addresses when Internet access is available. This feature further complicates the analysis of this piece of malware," it said.
The malware then collects information about the device, operator, and even the user's account balance, and sends the data to a command and control server.
Closer to Windows malware
Kaspersky also noted the malware "looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits."
"This means that the complexity of Android malware programs is growing rapidly alongside their numbers," it said. — TJD, GMA News