Android Malware "Obad" Called Most Sophisticated Yet 117
chicksdaddy writes "A new malicious program that runs on Android mobile devices exploits vulnerabilities in Google's mobile operating system to extend the application's permissions on the infected device, and to block attempts to remove the malicious application, The Security Ledger reports. The malware, dubbed Backdoor.AndroidOS.Obad.a, is described as a 'multi function Trojan.' Like most profit-oriented mobile malware, Obad is primarily an SMS Trojan, which surreptitiously sends short message service (SMS) messages to premium numbers. However, it is capable of downloading additional modules and of spreading via Bluetooth connections. Writing on the Securelist blog, malware researcher Roman Unuchek called the newly discovered Trojan the 'most sophisticated' malicious program yet for Android phones. He cited the Trojan's advanced features, including complex code obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allows Obad to elevate its privileges on infected devices and block removal."
Re:Vulnerability extends application's permissions (Score:5, Interesting)
I don't think this is going to change because Android programmers are sloppy. To give evidence of this, here is what happened to me today: I opened a few Java files from Android in Eclipse, and looked at the warnings. Within a few minutes I had found 5 different bugs just from reading the warnings in the compiler output. Google programmers have been known to publicly say bugs are no big deal [google.com]. If that attitude has really spread around the company, how capable do you think they will be of writing secure sandbox code?
I was prompted .. so I came xD (Score:2, Interesting)
It sickens me a great deal to see the Google's, Facebooks & Microsoft's of the world just sit back in their soft leather sided armchairs watching other people to discover the security flaws in their software. Microsoft has done it for years with the third party 'Virus Scanner' software providers. Now Google has picked up on the trend
This is what I call an unsustainable business practice. People have to wake up to the understanding that they're being abused. But far, far more importantly