Android Malware "Obad" Called Most Sophisticated Yet
chicksdaddy writes "A new malicious program that runs on Android mobile devices exploits vulnerabilities in Google's mobile operating system to extend the application's permissions on the infected device, and to block attempts to remove the malicious application, The Security Ledger reports. The malware, dubbed Backdoor.AndroidOS.Obad.a, is described as a 'multi function Trojan.' Like most profit-oriented mobile malware, Obad is primarily an SMS Trojan, which surreptitiously sends short message service (SMS) messages to premium numbers. However, it is capable of downloading additional modules and of spreading via Bluetooth connections. Writing on the Securelist blog, malware researcher Roman Unuchek called the newly discovered Trojan the 'most sophisticated' malicious program yet for Android phones. He cited the Trojan's advanced features, including complex code obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allows Obad to elevate its privileges on infected devices and block removal."
Follow the Money? (Score:5, Informative)
A fitting name... (Score:4, Informative)
Obad is Bosnian (also Croatian and Serbian) for horse-fly. [wikipedia.org]
Vulnerability extends application's permissions? (Score:5, Informative)
Yes, the vulnerability requires prompting the user to explicitly install the app and explicitly raise permissions.
"Do you want to install this application?"
"Activate device administrator?"
Re:So who lied? (Score:4, Informative)
Bingo!
The Australian Communications and Media Authority's statistics breakdown shows that of about 16,500 infected devices online at any one time, 20 Windows viruses make up more than 16,400 of the active IPs. Rarer Windows viruses, and Mac, iOS, Linux and Android infections all total less than 100 infections.
http://www.acma.gov.au/WEB/STANDARD..PC/pc=PC_600121 [acma.gov.au]
Kaspersky says:
Over a 3-day observation period using Kaspersky Security Network data, Obad.a installation attempts made up no more than 0.15% of all attempts to infect mobile devices with various malware.
http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan [securelist.com]
So to put this all in perspective, this new super-virus made up less than 0.15% of the attempts to join the 0.1% of infections that aren't Windows viruses.
If you read the Kaspersky analysis of the "super-malware", you'll see why. It ASKS for permission to install and to elevate privileges. If the user says "No", it doesn't happen.
Re: Follow the Money? (Score:2, Informative)
The latest version of cyanogen actually has this feature. Any time a text is attempted to be sent to a premium number or service, the OS itself blocks it, then prompts the user and asks if they wish to allow it to be sent. It also gives the option to always allow or just allow once, and no matter which you choose it will prompt any time a new number is used in the recipients field. Google should merge that code into AOSP.
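As an added example (not code from the post or from CyanogenMod), here is a small Python model of the premium-SMS gate described in the comment above: a premium destination is blocked until the user answers the prompt, "always" is remembered per number, "once" is not, and a new number prompts again. The premium-number rule (short codes of six digits or fewer, plus a constructed prefix list) is an assumption for the demo, not a carrier definition.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of premium-rate prefixes; real lists are carrier-specific.
PREMIUM_PREFIXES = ("1900",)


def normalize(dest: str) -> str:
    """Keep only digits so '1-900-555-0100' and '19005550100' compare equal."""
    return re.sub(r"\D", "", dest)


def is_premium(dest: str) -> bool:
    """Assumed rule: short codes (<= 6 digits) and known premium prefixes."""
    digits = normalize(dest)
    return bool(digits) and (len(digits) <= 6 or digits.startswith(PREMIUM_PREFIXES))


@dataclass
class PremiumSmsGate:
    """Models the OS-level gate: block, prompt, and remember 'always allow' per number."""
    always_allowed: set = field(default_factory=set)
    prompts: list = field(default_factory=list)  # numbers the user was asked about

    def send(self, dest: str, ask_user) -> str:
        digits = normalize(dest)
        if not is_premium(digits) or digits in self.always_allowed:
            return "sent"
        # A new premium destination always reaches the user, whatever the app wants.
        self.prompts.append(digits)
        answer = ask_user(digits)  # expected: "once", "always" or "deny"
        if answer == "always":
            self.always_allowed.add(digits)
        return "sent" if answer in ("once", "always") else "blocked"


def demo() -> dict:
    """Replay a scripted user against the gate; returns the observed outcomes."""
    script = iter(["once", "always", "deny"])  # constructed user answers, in order
    gate = PremiumSmsGate()
    user = lambda _num: next(script)
    return {
        "normal": gate.send("+1 555 0100", user),          # not premium: no prompt
        "sc_once": gate.send("12345", user),               # prompt -> once
        "sc_again": gate.send("12345", user),              # prompt again -> always
        "sc_third": gate.send("12345", user),              # remembered: no prompt
        "new_sc_deny": gate.send("1-900-555-0100", user),  # new number: prompt -> deny
        "prompt_count": len(gate.prompts),
    }
```

The "deny" path is the one that matters against an SMS Trojan: a silent send to an unseen premium number never leaves the device without the user seeing a prompt.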
Re:Vulnerability extends application's permissions (Score:5, Informative)
Okay, firstly side-loading has to be enabled to install anything that isn't on Google Play. So instantly 99.9% of users are not vulnerable. Okay, it can spread through Bluetooth, but that requires you to have already paired your device with an infected one manually. Most people pair their devices with things like their car and headset, not other random phones.
Then when you do install the app the warning message that appears is very different to the one you see on Google Play and explains that you should not trust unknown sources. It's not like "oh another UAC prompt, click yes to continue", it is a different and more scary warning that most users will never have seen before.
It's basically like Mac or Linux malware. It exists but you have to be incredibly dumb to fall victim to it. There isn't really much more anyone can do to help people who are that stupid.