Connect with us

Hi, what are you looking for?

Android

First ever case of mobile Trojan spreading via ‘alien’ botnets

Over the last three months, Kaspersky Lab analysts have been investigating how the Obad.a Trojan, a malicious app for Android, is distributed.

Over the last three months, Kaspersky Lab analysts have been investigating how the Obad.a Trojan, a malicious app for Android, is distributed.

It transpires that the criminals behind the Trojan have adopted a new technique to spread their malware.

For the first time in the history of mobile cybercrime, a Trojan is being spread using botnets controlled by other criminal groups.

In total, 83% of attempted infections were recorded in Russia, while it was also detected on mobile devices in Ukraine, Belarus, Uzbekistan and Kazakhstan.

Advertisement. Scroll to continue reading.

The most interesting distribution model saw various versions of Obad.a spread with Trojan-SMS.AndroidOS.Opfake.a. This double infection attempt starts with a text message to users, urging them to download a recently received text message.

If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet.

The malicious file can only be installed if the user then launches it. Should that happen, the Trojan sends further messages to all the contacts on the newly infected device, by clicking the link in these messages downloads Obad.a.

It’s a well-organized system — one Russian mobile network provider reported more than 600 messages containing these links within just five hours, pointing to a mass distribution. In most cases, the malware was spread using devices that were already infected.

Apart from using mobile botnets, this highly complex Trojan is also distributed by spam messages.

Advertisement. Scroll to continue reading.

This is a major carrier of the Obad.a Trojan. Typically, a message warning the user of unpaid ‘debts’ lures victims to follow a link, which automatically downloads Obad.a onto the mobile device. Again though, users must run the downloaded file in order to install the Trojan.

Fake application stores also spread Backdoor.AndroidOS.Obad.a. They copy the content of Google Play pages, replacing legitimate links with malicious ones.

When legitimate sites are cracked and users are redirected to dangerous ones, Obad.a exclusively targets mobile users. If potential victims enter the site from a home computer, nothing happens. But smartphones and tablets of any operation system could be redirected to those fake sites (although only Android users are at risk).

“In three months, we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware DeviceAdministrator rights and made it much more difficult to delete,” said Kaspersky Lab expert Roman Unuchek.

“As soon as we discovered this, we informed Google and the loophole has been closed in Android 4.3. However, only a few new smartphones and tablets run this version, and older devices running earlier versions are still under threat. Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android,” Unuchek said.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The agreement allows Lenovo to sell a portfolio of devices running enterprise-grade Android and dedicated device management from Esper, making it easier for enterprises...

APPS

Sophos researchers investigated the fake apps and found that many were very similar. Some included an embedded customer support “chat” option. When researchers tried...

HEADLINES

The multibillion-peso investment has enabled the two companies to block 3,020 domains that host illicit materials featuring children as mandated by the National Telecommunications...

HEADLINES

The discovered malicious files were masked under the guise of pdf, mp4, docx files about the coronavirus. The names of files imply that they...

HEADLINES

Whatever your reason, there are several ways to limit access to any website on your Android smartphone or tablet.

HEADLINES

Continuing a trend noted in SophosLabs’ 2020 Threat Report, the Snatch cybercriminals are now also exfiltrating data before the ransomware attack begins.

OPINIONS

Here are a few pointers that can help you determine if your computer has a virus. If you suspect any of the following, you...

HEADLINES

According to the cybersecurity company’s security experts, 98% of mobile malware are designed for the Android OS. This puts Android mobile users who use...

Advertisement