Mobile Trojan Takes on New Technique to Infect Phones

Sue Marquette Poremba

In the spring, the Obad Trojan made news as the most sophisticated mobile Trojan out in the wild. When I first heard about it, my initial reaction was that it won’t be the most sophisticated Trojan for long – after all, mobile is a huge new target for the bad guys and phone users still lag behind in mobile security, preferring speed over everything else.

However, as we’ve seen with other Trojans, they tend to morph into something slightly different so they can beat the defenses and inflict even more harm on our computers. Not surprisingly, the Obad Trojan has done just that. What is a bit surprising, though, is just how quickly it happened – just a few months after its initial discovery. According to the folks at Kaspersky Lab, the criminals behind the Obad Trojan have adopted a new technique to spread their malware: For the first time in the history of mobile cyber crime, a Trojan is being spread using botnets controlled by other criminal groups. As Roman Unuchek explained in a blog post:

So far we have discovered four basic methods used to distribute different versions of Backdoor.AndroidOS.Obad.a. The most interesting of these methods were the ones where Obad.a was distributed along with another mobile Trojan - SMS.AndroidOS.Opfake.a.


This double infection attempt starts with a text message to users, urging them to download a recent text message. If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet. The malicious file can only be installed if the user then launches it; should that happen, the Trojan then sends further messages to all the contacts on the newly infected device. Clicking the link in these messages downloads Obad.a.

Along with mobile botnets, Obad is also distributed using SMS spam, fake Google Play stores, and redirection from cracked sites.

According to Help Net Security:

Google has, of course, been notified of the vulnerability and has already fixed it. Unfortunately, not all users have upgraded to the patched 4.3 version of the OS. Those who haven't and wonder if they have been affected can download version 11.1.4 of Kaspersky's Internet Security for Android or Trend Micro's Hidden Device Admin Detector app and deal with the problem.

It isn’t a Trojan we are seeing much in the US just yet, but that isn’t any reason to ignore it or to shrug off any updates and patches for Android. I really do think this is just the tip of the iceberg of Trojans targeting mobile devices, and we need to be prepared.


