Latest Android Trojan is as complex as a Windows Vulnerability

05:18 05 August in Latest Threats

Mobile (mainly Android) malware is on the rise and, according to Kaspersky Lab, its complexity is also peaking.

This recently exposed Trojan has clearly been designed by someone who knows quite a bit about the Android platform, as the maker has taken advantage of multiple known and previously unidentified errors and vulnerabilities in the OS to make analysis of the file hard.

An error in the software used by analysts to convert APK files into the more convenient JAR format has been exploited to prevent that conversion and make static analysis of the Trojan more complex.

Two bugs in the Android OS itself have been used: one to alter a file in a way that makes dynamic analysis of the malware harder, and one to extend Device Administrator privileges to the app without making it noticeable (i.e. without adding it to the list of applications which have such privileges).

This, and the fact that the Trojan doesn’t have an interface, makes it impossible to remove once the device is compromised.

The creators have also done a good job in encrypting and obfuscating most of the code – strings, names of classes and methods, and so on.

The Trojan is able to do a number of things: blocking the device’s screen for up to 10 seconds; harvesting information such as the operator name, phone number, IMEI, the phone user’s account balance, and whether Device Administrator privileges have been obtained, and sending it to a remote C&C server; downloading additional malware; sending messages to premium-rate numbers; sending the downloaded malware to other nearby devices via Bluetooth; and so on.

“Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans,” the researchers noted, referring both to its intricacy and the number of unpublished vulnerabilities it exploits.
