June 9, 2013
Complex Trojan Takes Advantage Of Previously Unknown Android Exploit
redOrbit Staff & Wire Reports — Your Universe Online
Security researchers have discovered a new Trojan program that exploits previously undetected flaws in the Android operating system and utilizes techniques more commonly found in Windows malware to remain undetected as it executes rogue commands on infected mobile devices.
The Trojan has been named Backdoor.AndroidOS.Obad.a (Obad.a) by representatives of computer security firm Kaspersky Lab, who has dubbed it the most sophisticated piece of Android malware to date, according to Lucian Constantin of IDG News Service. The program makes heavy use of encryption and code obfuscation in an attempt to prevent security software from discovering what it is doing, the antivirus company said.
The program “is designed to send SMS messages to premium-rate numbers and allows attackers to execute rogue commands on infected devices by opening a remote shell,” Constantin explained. “Attackers can use the malware to steal any kind of data stored on compromised devices or to download additional malicious applications that can be installed locally or distributed to other devices over Bluetooth.”
After it sends those text messages, “it deletes replies made to the text. Next, it downloads a file from a remote server and automatically runs it for installation. All Bluetooth-enabled devices in the vicinity can be infected by a unit carrying the malware,” Giancarlo Perlas of The Droid Guy added. “There are many other dangers associated with Obad.a that includes stealing personal information of the user like contacts and financial details.”
Currently, Obad.a is not very widespread, according to Dan Goodin of Ars Technica. In fact, Constantin said that installation attempts for this particular program amounted to just 0.15 percent of the total number of mobile device malware infection attempts over a three-day period.
However, Goodin warns that it does show that it is possible for cybercriminals to develop malware programs that exploit smartphone vulnerabilities. While most viruses and Trojans targeting Android devices are fairly rudimentary in nature, he said, the way that Obad.a can use various connections to spread to nearby phones and allow hackers to issue malicious commands remotely reveals a new level of complexity and sophistication.
“Obad.a exploits two additional undocumented bugs–one in a component known as DEX2JAR and the other related to the AndroidManifest.xml file,” Goodin added. “Those exploits are designed to make it harder for researchers to reverse engineer the malware. The backdoor also has no interface and works in background mode, further complicating analysis by whitehats or competing malware developers.”
The origins of the Obad.a malware are currently unknown, and Kaspersky Lab has not speculated as to who might be running the program, Neil McAllister of The Register said. The security firm reported that they have already contacted Google about the OS vulnerabilities exploited by the Trojan, and that it can now be detected by Android security software.