Called Backdoor.AndroidOS.Obad.a, the malware is compared to malicious threats that usually target Windows, not Android. The new malware uses several exploits, some of them new to security researchers from Kaspersky, who discovered Obad.a.
The Trojan appears to be impossible to remove, as Obad.a doesn't even have an interface and acts directly from the background, without alerting the user that a malicious app is running. Once installed, it is able to perform a variety of tasks:
- Send text messages. Parameters contain number and text. Replies are deleted.
- Receive account balance via USSD.
- Act as proxy (send specified data to specified address, and communicate the response).
- Connect to specified address (clicker).
- Download a file from the server and install it.
- Send a list of applications installed on the smartphone to the server.
- Send information about an installed application specified by the C&C server.
- Send the user’s contact data to the server.
- Remote Shell. Executes commands in the console, as specified by the cybercriminal.
- Send a file to all detected Bluetooth devices.
At the same time, it's not clear who devised the program or what their intentions were for it.
No connection between existing Google Play Store apps and the Trojan has been established, so it looks like the malicious app is downloaded from other app sources. However, Google has been informed about the new Android vulnerability that Obad.a uses, which will make the malware much easier to detect if it is repackaged into legitimate-looking apps intended for distribution via Google Play.
As always when talking about Android malware, we advise exercising caution when getting apps from untrusted sources. Paying attention to what you install on your devices can save you the trouble of dealing with the consequences of malware apps. There are also a variety of security applications to help protect your device, but as long as you're careful with what you download on your handset or tablet you should be fine, no matter what Android malware apps may be out there.