New Android Trojan app exploits previously unknown flaws, researchers say

The malware is the most sophisticated Android Trojan program found to date, researchers from Kaspersky Lab said

A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.

Security researchers from antivirus firm Kaspersky Lab named the new malicious application Backdoor.AndroidOS.Obad.a and labeled it the most sophisticated Android Trojan program to date.

The malware is designed to send SMS messages to premium-rate numbers and allows attackers to execute rogue commands on infected devices by opening a remote shell. Attackers can use the malware to steal any kind of data stored on compromised devices or to download additional malicious applications that can be installed locally or distributed to other devices over Bluetooth.

The Obad.a Trojan program makes heavy use of encryption and code obfuscation in order to hinder analysis efforts, Kaspersky researcher Roman Unuchek said Thursday in a blog post.

"Malware writers typically try to make the codes in their creations as complicated as possible, to make life more difficult for anti-malware experts," the researcher said. "However, it is rare to see concealment as advanced as Odad.a's in mobile malware."

In addition to using encryption and code obfuscation techniques, the malware also exploits previously unknown bugs in Android and third-party software, Unuchek said.

For example, the malicious application exploits an error in a piece of software called DEX2JAR that's used by malware analysts to convert Android application packages (APKs) into Java Archive (JAR) files.

"This vulnerability spotted by the cybercriminals disrupts the conversion of Dalvik bytecode into Java bytecode, which eventually complicates the statistical analysis of the Trojan," Unuchek said.

The malware also abuses a bug in the way Android processes AndroidManifest.xml files. These files are found in every application and contain information about the application's structure and launch parameters.

The Trojan program contains a specifically crafted AndroidManifest.xml that doesn't conform to Google's specification, but is still processed correctly by the Android OS, Unuchek said. This makes dynamic analysis of the malware extremely difficult, he said.

When first executed, Obad.a prompts users for device administrator privilege. Applications that gain this privilege can no longer be uninstalled through the regular apps menu until they are removed from the administrators list in the security settings menu.

The Obad.a malware exploits a previously unknown flaw in the Android OS in order to hide itself from the administrators list, leaving users unable to revoke the privilege and uninstall the app. "We have already informed Google about the Device Administrator vulnerability in Android," Unuchek said.

In addition, on rooted devices, the malware tries to gain root privileges by executing the "su id" command, said Denis Maslennikov, a senior malware analyst at Kaspersky Lab, Friday via email. Like gaining administrative privileges, gaining root access requires user permission, he said.

"Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits," Unuchek said.

The new Trojan program is distributed through SMS spam, but is not very widespread at the moment. According to detection statistics from Kaspersky Lab, installation attempts for Obad.a amounted to only 0.15 percent of the total number of malware infection attempts on mobile devices over a three-day period.

That said, Maslennikov believes that other Android malware threats will adopt advanced techniques like the ones used by this malware in the future. "We think that similar techniques are going to be more widespread very soon," he said.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Android OSGooglesecuritymobile securityspywareExploits / vulnerabilitiesmalwarekaspersky lab

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?