Tweet
Latest self-replicating Android Trojan looks and acts just like Windows malware
Friday, June 7, 2013 · 5:31 pm
Android malware is becoming more like Windows malware, “in other words, more dangerous to users,” Mathew J. Schwartz reports for InformationWeek. “One of the latest, a Trojan application called Odad.a… creates an attacker-accessible backdoor on infected Android devices, can download and install additional malware, infect nearby devices with the malware — via Wi-Fi or Bluetooth — and receive further instructions from the attacker. For good measure, the malware also can send SMS messages to premium phone numbers, thus generating revenue for attackers or their business associates.”
“‘At a glance, we knew this one was special,’ said Roman Unuchek, a security researcher at Kaspersky Lab, in a blog post citing the fact that whoever developed the malware not only built in numerous capabilities, but also carefully hid the code to make it difficult to detect or study,” Schwartz reports. “Although the malware is somewhat rare, it’s reportedly being distributed in a typical way: most likely disguised as a legitimate app via “alternative app stores and fishy websites,” reported Android Police.”
Schwartz reports, “Whoever built the malware took advantage of three different flaws in the Android operating system, or related software, to make the malware more difficult to detect or eradicate… From a user-interface standpoint, it also means that once the malware infects the device, a user can’t revoke those privileges or even delete the application through the operating system… Using these privileges, the malware can disable access to the device’s screen for up to 10 seconds, which is likely used to conceal bad behavior, because it ‘typically happens after the device is connected to a free Wi-Fi network or Bluetooth is activated,’ said Unuchek. ‘With a connection established, the Trojan can copy itself and other malicious applications to other devices located nearby… Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits. This means that the complexity of Android malware programs is growing rapidly alongside their numbers.’”
Read more in the full article here.
Friday, June 7, 2013 · 5:31 pm
Android malware is becoming more like Windows malware, “in other words, more dangerous to users,” Mathew J. Schwartz reports for InformationWeek. “One of the latest, a Trojan application called Odad.a… creates an attacker-accessible backdoor on infected Android devices, can download and install additional malware, infect nearby devices with the malware — via Wi-Fi or Bluetooth — and receive further instructions from the attacker. For good measure, the malware also can send SMS messages to premium phone numbers, thus generating revenue for attackers or their business associates.”
“‘At a glance, we knew this one was special,’ said Roman Unuchek, a security researcher at Kaspersky Lab, in a blog post citing the fact that whoever developed the malware not only built in numerous capabilities, but also carefully hid the code to make it difficult to detect or study,” Schwartz reports. “Although the malware is somewhat rare, it’s reportedly being distributed in a typical way: most likely disguised as a legitimate app via “alternative app stores and fishy websites,” reported Android Police.”
Schwartz reports, “Whoever built the malware took advantage of three different flaws in the Android operating system, or related software, to make the malware more difficult to detect or eradicate… From a user-interface standpoint, it also means that once the malware infects the device, a user can’t revoke those privileges or even delete the application through the operating system… Using these privileges, the malware can disable access to the device’s screen for up to 10 seconds, which is likely used to conceal bad behavior, because it ‘typically happens after the device is connected to a free Wi-Fi network or Bluetooth is activated,’ said Unuchek. ‘With a connection established, the Trojan can copy itself and other malicious applications to other devices located nearby… Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits. This means that the complexity of Android malware programs is growing rapidly alongside their numbers.’”
Read more in the full article here.
Comment