ID: IRCNE2013091949
Date: 2013-09-08
According to "techworld", the Obad.a Android Trojan first analysed by Kaspersky Lab in June has turned out to have an innovative and predatory ability to piggyback on botnets controlled by third-party criminal networks.
This behaviour was spotted when the firm noticed that smartphones that had been infected with the hugely successful but apparently unrelated Opfake.a Trojan were being used as a launching pad for Obad.a to send malicious links to everyone in that victim's address book.
According to Kaspersky, the malware was also being spread via convincing-looking copies of the Google Play store as well as a campaign of mobile spam.
So far, they’ve been successful in Russia with a smaller number of infections in nearby republics such as Ukraine, Belarus, Uzbekistan and Kazakhstan. One Russian mobile network had detected 600 of Obad’s spam messages in a matter of hours, suggesting that its piggyback tactic was working, Kaspersky said.
“In three months we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware DeviceAdministrator rights and made it much more difficult to delete,” observed Kaspersky researcher, Roman Unuchek.
The vulnerability in question had been closed in Android 4.3 which meant that large numbers of devices not running this version remained vulnerable, he added.
“Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android.”
- 2