Latest Android trojan could be worst yet


Android users are at risk of picking up one of the “most sophisticated” trojans for smartphones to date, according to security firm Kaspersky. The newest malware scare, known as Backdoor.AndroidOS.Obad.a, infects the handsets of unsuspecting users and then proceeds to rack up charges to premium-rate SMS numbers, install additional malware, distribute malicious software to other phones via Bluetooth, and perform remote commands in the Android console.

It does so while hiding behind a veil of code obfuscation, and it takes advantage of a number of newly discovered security holes in the Android software. Because of this, Kaspersky’s experts are having a hard time tracking down and squashing the malware bug. The trojan provides itself with Device Administrator privileges and then hides itself, making it nearly impossible to delete the malicious file.

While the Backdoor trojan is potent, it also has a rather limited distribution at this point. This may be key in cutting off the problem before it spreads. The new malware accounts for only 0.15 percent of all infection attempts. Kaspersky has informed Google of the newly discovered security threat. A more in-depth look at the code behind the trojan can be found at the source link below.

[via Kaspersky]

TAGS: security

  • Nathan Bryant

    Does anyone notice that a lot of the mobile companies and gov’t are starting to be accused of things and pointing fingers at each other?

  • dfsdf

    So it asks for admin rights, and some users are stupid enough to answer yes?
    Not that it surprises me, but the user is the one to blame.

    • squiddy20

      My understanding of this (in reading Android Police’s coverage on it) is that it doesn’t “ask” for admin rights. It brute forces those rights and then doesn’t show up in the Admin list.

      • No_Nickname90

        This makes me believe that those on JB don’t have anything to worry about. Remember how Google has that new thing with installing APKs? I don’t think this trojan can work on JB.

        Also notice how it just says “newly discovered security holes”. Yea? Well on which firmware? I can discover a new security threat on GB all I want. LoL!!

        • Eric Junior

          The problem is, you can still use the old package manager. When you go to install an APK, it pops up with a choice to use “Google Settings” or “Package Manager.”

    • Maximillion82

      I agree it’s pretty much your own fault if you accept permissions that you don’t understand, I wouldn’t sign a contract if I don’t understand it and accepting permissions without understanding them is pretty much the same, there is a reason Google lists them prior to installing an app.

  • Coast19

    You’ve got a typo towards the end of the second paragraph. Just a heads up :)

    • Eric Junior

      You’ve poor grammar in your post. Just a heads up. :)

  • irishrally

    Of course the guy that switched to iPhone had to write this one.

    • kwest12

      Also, there’s absolutely no way that an anti-virus company would do a write-up with a doomsday-like title. In fact, I have to think that if they accidentally misled anyone with that article, they’d immediately refund their snap-buy of Kaspersky for Android.

    • JPlattim1933

      I definitely wouldn’t mind if android allowed me to be more specific
      and ONLY grant amazon and not just any .apk i could accidentally click
      on to install. Sure its unlikely but why risk it? a simple would u
      like sideload from a source you have not previously approved pop up
      question would be useful.

      • Eric Junior

        ^ This; however, manual installs from downloaded APK’s (e.g. from XDA attachments) might pose a problem. Then again, XDA could just make an app store for their devs. If Amazon can do it, anybody can.

        And require a hardware event to grant Administrator. Accessibility requires the user to manually activate it, why does Administrator not have the same requirement?

  • Lex Lybrand

    This type of post is pointless without telling us how users are coming across this virus.

    • h4rr4r

      It’s not a virus. It is a trojan. This means you have to install an application that has this inside it. It does not spread itself.

      If you do not pirate apps you likely have nothing to worry about.

      • Lex Lybrand

        A trojan is a virus.

        This article doesn’t mention where this APK is spreading, which apps it is disguised as, whether they are pirated/sideloaded, or if they’re from any official app store/market.

        Saying “unsuspecting users” is pretty vague.

        • h4rr4r

          No, it is not.

          To be a virus it must spread itself. A trojan is when a supposedly good program contains a malware payload. Like the trojan horse.

          Read the first sentence.

          • Wetworx

            So, what part of the replication process didn’t you understand when it says that it downloads additional malware apps and then attempts to distribute them via Bluetooth?

          • Doug W

            But *YOU* have to install the initial app yourself. That makes it a Trojan and not a Virus. As you yourself said, once installed it will download additional items, but *YOU* still have to do the initial install.

          • Eric Junior

            Y’all are arguing over whether a trojan is a virus? Who the hell cares?

            However, I do agree that we should be made aware of where this malware is coming from.

        • Frederick Nelson

          I agree. This article is crap. No details at all… why did they even post this? No information about which apps are affected, nothing…. WT$?

          • No_Nickname90

            I wonder what firmware this Trojan is on. JB has that security thing with installing APKs. So I don’t think it’s on JB. Notice the small percentage of users. I mean there could be new security holes, but they could have been found in the old firmware.

        • raitchison

          lolwut no a trojan is not a virus, they are both different types of malware.

          A trojan is a program that appears to be benign but has malicious behavior.
          A virus has the ability to copy itself to other files for the purpose of spreading itself to other hosts.
          Also there’s the Worm which actively seeks out other hosts to infect.

          Sounds like this particular thread is a trojan, it has no ability to spread its own infection unless people deliberately install it.

          • disqus_ayvQwhvS6h

            A worm is a self spreading virus, jesus that’s common 8th grade knowledge. A virus is simply an unauthorized executable that performs unexpected code. If that code allows remote access, it’s called a RAT or remote access trojan. If that code, or actually referred to as “payload” downloads extra files, it’s called a Trojan Downloader. Different types of viruses.

            A browser exploit with privilege escalation could install itself without the user’s input, perhaps without their knowledge as well.

            But yeah, keep studying and stay in school, and remember to question your professors, because if they’re teaching you to believe you are correct, they should be reported to their supervisors and fired.

            Source: I know what I’m talking about, and you sir sound silly.

        • Michael Quinlan

          The “unsuspecting users” are those suckered into buying anti-malware apps as a result of doomsday posts from anti-malware vendors, and propagated by the media. I’m not saying that Android malware doesn’t exist, but those who download apps from questionable sources, yet are still “unsuspecting”, require adult supervision.

        • Brian S.

          A trojan horse is malware, malware includes viruses and trojans. Since the definition of malware is any malicious software that tries to harm one’s computer, gather data or do anything intentionally undesirable to the attackee – we call trojans malware.

          I have always heard trojans talked about as a subclass of viruses. But the distinction appears to be that a virus intends to spread itself and the trojan must be inside a seemingly harmless horse.

          That’s why I don’t download horses.

          Or cars.

  • MK2

    Um, where’s the info on how it’s being installed? “watch out for this, but I won’t tell you where” What the hell?

    • squiddy20

      You can bet with almost guaranteed certainty that it’s not found within the Play Store or Amazon appstore. As most others are saying, it’s probably found in some backwater Chinese app store that has paid apps for free.

      • Gerard Umbert

        Like play store and amazon appstore have so many security checks…

        • squiddy20

          And how many cases of malware/viruses have you heard of being on either store?
          Also, yes they do have security checks. As I understand it, Amazon has to approve the apps before they’re published (much like Apple’s appstore), and Google has Bouncer and probably a few other security checks that we don’t know about.

  • Banned_from_Japan

    So I assume a hard reset wipe gets rid of it?

    • TheHowiie

      It usually does the trick

    • No_Nickname90

      Or a restore if you’re rooted. So you don’t have to start that far back. And speaking of back-ups. I think I need to make one for my phone. I don’t have any. LoL!!

  • sdrawkcab25

    more fear mongering by Kaspersky. almost anyone with programming knowledge can write a virus/trojan, but it’s pointless if you can’t infect devices easily… this virus involves the user granting the trojan admin rights and for Bluetooth infection, the users would have to accept the receiving of the file. this is hardly a risk.

    • sdrawkcab25

      and like other people have already mentioned… where are people being infected from…. probably known warez sites that are already notorious for spreading malware, if you get a trojan from there, you almost deserve it, and a Darwin award.

      • Jeff Saul

        This is likely the case. As now that Google is aware, anything on the Play Store that has this trojan will be locked/removed by Google.

      • Del373

        Technically, to receive a Darwin award from that they’d have to either die from it or the action would have to somehow leave them incapable of reproduction…but I digress, you are right and I agree with you.

        • sdrawkcab25

          i know, was hinting(poorly) that they are also likely to die from doing something stupid too.

    • No_Nickname90

      Let them be infected. Y’all wanna steal those paid apps and complain about freemiums? Well users can just have their money stolen.

      • Gerard Umbert

        the problem with your opinion is that as more people get infected, more “simple” users will start spreading it, and then, Android OS platform will be fucked, since we all will have to pay for an anti-virus that will slow our systems down.

        U should take this a little bit more seriously, since we all want clean OS, this is just like STD’s … more infected people the less u will enjoy urself

  • louched1

    Thanks for providing the link to Kaspersky’s report. Best part of the article!

  • Keith

    And I’m sure Kaspersky sales will go up this weekend.

    • Keith

      This trojan also seems like the most sophisticated yet for android phones, not the worst. It’s listed as 0.15 attempts of malware infections, it’s funny how they word that. So what’s a rough estimate of actual infected phones? They probably didn’t want to list such a small number.

  • androidscales

    what trolling article from Kevin. if you side load apps outside the market it’s your fault, this applies to iphone too

    • Simon Belmont

      You know, some apps can only be installed by sideloading. A lot of beta programs work that way.

      No point in generalizing so much. I’m guessing you meant pirated apps that one should have paid for.

    • Chris

      I had a feeling this was posted by Kevin when I saw the article title..

  • Max

    I have side-loading turned on because I use the amazon app store as well as the play store. I definitely wouldn’t mind if android allowed me to be more specific and ONLY grant amazon and not just any .apk i could accidentally click on to install. Sure its unlikely but why risk it? a simple would u like sideload from a source you have not previously approved pop up question would be useful.

    • No_Nickname90

      I don’t think you can “accidentally” sideload an app. Mainly because it asks you if you want to install. I have accidentally clicked the wrong apps to install, but I can click “Cancel”. LoL!!

      But being more secure wouldn’t hurt. I wouldn’t mind that added security. But then again, now thinking about it, wouldn’t everything you download from your Chrome browser be from the same source? Or most apps online from XDA are probably listed as Unknown source. So it wouldn’t be that beneficial. Hmm…

      • Max

        I suppose it would mostly apply to the amazon app store. It’s just that for something like amazon app store, I want to give full do whatever you want permission like I do now. But for something like an individual random .apk, I want as much warning/headsup as possible. The way it sits now it’s pretty all or nothing.

        Also I know it is insanely complicated, and really not beneficial to app developers or google, but I do dream of a world where super-permissions and the ability to individually allow permissions is available to the non-root world.

      • Simon Belmont

        There are permissions that let apps get installed without user interaction. That’s what had people pissed off when the Facebook app was mysteriously installing updates outside of the Google Play Store a few months ago.

        You’re right, though, in most cases a user would have to voluntarily let the app get installed. I would hope most people don’t just say “yes, please install this random app I’ve never heard of.”

  • Earl Smith

    lol kaspersky wrote this virus then posted news about it

  • androidscales

    some one kick this troll kevin off phandroid

  • Travar

    If I were a betting man, I’d say Kraperspersky wrote it. They should call this a ‘Seed’….. they plant it and water it and FERTILIZE it….. and profit from its fruits…… Just teasing, I’m sure they wouldn’t….. that would be mean.

    • Sean Royce

      If you were a betting man you’d lose that bet. Kaspersky have better things to do.

  • izzyt

    So if I don’t have txting services, I have a galaxy tab 2, will that affect me? I have an antivirus installed on my tab, should I be worried?

    • sdrawkcab25

      as long as you aren’t downloading apps from shady sources, you shouldn’t be worried at all, just forget this article exists.

  • Patrick Bateman

    I got a virus from a trojan entering my backdoor :(

  • Alamudi Ab

    Kaspersky is a scam, such as anti-virus vendors other.

    they play your fear, then you are going to buy their anti virus.

    This is nonsense in the world of linux itself.

    all anti-virus vendors are scammers!!!.

  • Alamudi Ab

    “Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself…”

  • antifud

    hilarious. This is “Worst yet”, and yet it’s been shown to not be widespread at all?