The malware which has recently been discovered, takes advantage of hitherto unknown weaknesses in the Android platform, by borrowing advanced functions that are closer to a malicious application plaguing a Windows device, making it the world’s most malicious Trojan for the Android platform.
The malware is named Backdoor, and hasn’t managed to affect the Android ecosystem too badly at present. As opposed to the more benign Android malware, the surreptitious Obad.a utilises Android bugs that weren’t known previously unknown. It can be transmitted through Bluetooth and Wi-Fi connections allowing hackers to issue malicious commands through standard SMS text messages.
“To conclude this review, we would like to add that Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits. This means that the complexity of Android malware programs is growing rapidly alongside their numbers,” says discoverer, Roman Unuchek, expert at Kaspersky Lab, in a blog post.
Among the more advanced features of the malware are the capability to be remotely controlled by SMS messages. It can be instructed remotely by hackers to connect to new command and control servers, where infected phones upload sensitive user data and receive app updates.
“By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges,” Unuchek said. “As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges.”
According to experts tracking the development, the complicated nature of the malware is an indication of the fact that going forward these malwares are likely to become increasingly complicated, difficult to detect and even more difficult to stop.