Friday, June 23, 2017
Home / Malware / Kaspersky unveils most advanced Android Malware to date

Kaspersky unveils most advanced Android Malware to date

Kaspersky Lab’s has uncovered a new trojan that targets the Android OS and has been classified as the most sophisticated malware seen yet.  The researcher Roman Unuchek described the Android trojan, dubbed Backdoor.AndroidOS.Obad.a or “Obad”, in a post on Kaspersky Lab’s Securelist blog.

The malevolent code seems suprsingly similar to Windows malware in the respect of typical mobile threats.  The coders of the Android trojan Obad implemented multiple levels of encryption and code obfuscation to hide its source.  They also exploited several zero-day vulnerabilities in Google’s OS. The exploits permit the attackers to get total control over the victim’s device, the Android trojan is then able to acquire Device Administrator rights and hide its presence from the list of applications that have such privileges.

Android-trojan

Once the Android device is infected, the Android trojan runs via stealth mode, it then functions in the background staying in direct contact with Command and Control servers (C&C) receiving commands also via SMS text messages.

Obad is able to allow the bot masters to execute commands via a remote shell implemented by the malware.  This remote shell allows to send files to all detected Bluetooth devices around the victims, it can operate as a proxy server and it is also able to block the device’s screen for up to ten seconds, to mask its activities.

Following the complete list of commands:

  • Send text message. Parameters contain number and text. Replies are deleted.
  • PING.
  • Receive account balance via USSD.
  • Act as proxy (send specified data to specified address, and communicate the response).
  • Connect to specified address (clicker).
  • Download a file from the server and install it.
  • Send a list of applications installed on the smartphone to the server.
  • Send information about an installed application specified by the C&C server.
  • Send the user’s contact data to the server.
  • Remote Shell. Executes commands in the console, as specified by thecybercriminal.
  • Send a file to all detected Bluetooth devices.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …