Monday, June 10, 2013

Obad - the most sophisticated Trojan for Android - BBC News

Kaspersky Lab experts have detected a new Trojan targeting Android devices. The program, called “Obad”, uses very sophisticated methods of hiding and avoiding analysis, and allows cybercriminals to force the infected smartphone to send SMS messages to premium numbers, download other malware, infect other phones via Bluetooth, and execute remote commands.

Obad's developers used a previously unknown bug in Android / AFP

Recently, Kaspersky Lab experts received an Android application for analysis that aroused their suspicions from the start: the program code was heavily encrypted, and many of its procedures used a very effective method of hiding from analysis. Such mechanisms are nothing new in programs for computers, but in mobile applications they are very unusual. Detailed analysis showed that the application is actually a complex, multifunctional Trojan, now detected by Kaspersky Lab solutions as Backdoor.AndroidOS.Obad.a.

Errors in Android used by Obad

Obad's developers used a previously unknown bug in Android that allows malicious applications to gain administrative privileges without appearing in the list of installed programs that hold such privileges. As a result, once Obad infects a device, it cannot be removed by conventional system means.

The cybercriminals also found a second error in Android, in the processing of AndroidManifest.xml. This file is present in every Android application and is used to describe the program's structure and define its parameters. Obad modifies the AndroidManifest.xml file so that it does not comply with Google's standards, yet it continues to be processed correctly by the system. Kaspersky Lab experts have already informed Google of the previously unknown bug in Android used by the creators of the Obad Trojan.

Response of the infected smartphone

The user of an infected smartphone is unlikely to notice the malicious activity, as Obad has no interface and runs in the background. A symptom of infection may be the phone screen locking for about 10 seconds when the user activates the Bluetooth module or connects to an open Wi-Fi network. During this apparent inactivity the Trojan attempts to attack all devices within range of the infected smartphone. An additional sign of infection may be a message about a failure to obtain root privileges.

What the Trojan does on the infected smartphone

Once it has administrative privileges, the Trojan immediately informs the cybercriminals by sending a message to a special server. From this point the attacker can remotely execute a series of commands without the knowledge or consent of the smartphone's user. Apart from using the server, cybercriminals can also control the Trojan with text messages. When first started, Obad collects the following information about the affected device and sends it to the criminals: Bluetooth device address, name, telephone company, telephone number, IMEI number, account balance and local time.

In addition, the malware regularly sends the cybercriminals reports on its activity, including the list of premium numbers to which it was able to send text messages, and operational statistics.

“At the moment, the Obad Trojan is not widespread, but you cannot underestimate the threat at this stage,” says Roman Uchunek, an expert with Kaspersky Lab. “Obad is more like a Trojan for Windows than the usual ‘simple’ malicious application for Android. Obad once again reminds us that cybercriminals are very serious about creating malicious programs for mobile platforms.”
