Monday, May 16, 2022

Android Malware utilizing other botnets for infections

Kaspersky Lab has reported the first sighting of Android malware that piggybacks on separate mobile botnets and uses the resources of other malware once it’s installed.

“For the first time malware is being distributed using botnets that were created using completely different mobile malware,” said Kaspersky Lab expert Roman Unuchek in a report.

The perpetrator is a trojan called Obad.a, which the company has already marked as the most advanced piece of mobile malware they’ve spotted. It comes in 12 variants thus far, and commonly spreads via SMS, hacked app websites, or third-party app stores.

Now it seems the Obad boys have teamed up with the makers of malware called Opfake.a, which uses a separate method of spreading that exploits a flaw in Google Cloud Messaging (GCM). GCM was set up to push out updates and fix phone settings remotely, and allows 4KB messages to be sent to anyone using a specific application.

Obad android malware infection stats

“These peaks are the result of using third-party botnet resources – mobile devices infected with other malware,” said Unuchek. “That means that the owners of Backdoor.AndroidOS.Obad.a not only command their own software to spread itself, they also take advantage of Trojans operated by other cybercriminals.”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
