
SMS with malicious link spreads Android trojan

Kaspersky Lab UK : 09 September, 2013  (Technical Article)
Kaspersky has been tracking the Obad.a Trojan for Android devices, discovering a novel and effective distribution method

Kaspersky Lab announces the results of recent research into a certain Android vulnerability. Over the last three months Kaspersky analysts have been investigating how the Obad.a Trojan, a malicious app for Android, is distributed. The research shows that the criminals behind the Trojan have adopted a new technique to spread their malware. For the first time in the history of mobile cybercrime, a Trojan is being spread using botnets controlled by other criminal groups. It also became clear that Obad.a is mostly found in CIS countries. In total, 83 per cent of attempted infections were recorded in Russia, while it was also detected on mobile devices in Ukraine, Belarus, Uzbekistan and Kazakhstan.

The most interesting distribution model saw various versions of Obad.a spread with Trojan-SMS.AndroidOS.Opfake.a. This double infection attempt starts with a text message to users, urging them to download a recently received text message. If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet.

The malicious file can only be installed if the user then launches it; should that happen, the Trojan sends further messages to all the contacts on the newly infected device. Clicking the link in these messages downloads Obad.a. It’s a well-organised system: one Russian mobile network provider reported more than 600 messages containing these links within just five hours, pointing to a mass distribution. In most cases the malware was spread using devices that were already infected.

Apart from using mobile botnets, this highly complex Trojan is also distributed by spam messages. This is a major carrier of the Obad.a Trojan. Typically a message warning the user of unpaid ‘debts’ lures victims to follow a link which automatically downloads Obad.a onto the mobile device. Again, though, users must run the downloaded file in order to install the Trojan.

Fake application stores also spread Backdoor.AndroidOS.Obad.a. They copy the content of Google Play pages, replacing legitimate links with malicious ones. When legitimate sites are compromised and users are redirected to dangerous ones, Obad.a exclusively targets mobile users – if potential victims enter the site from a home computer nothing happens, but smartphones and tablets running any operating system could be redirected to those fake sites (although only Android users are at risk).

“In three months we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware DeviceAdministrator rights and made it much more difficult to delete. As soon as we discovered this, we informed Google and the loophole has been closed in Android 4.3. However, only a few new smartphones and tablets run this version, and older devices running earlier versions are still under threat. Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android,” said Roman Unuchek, a leading antivirus expert at Kaspersky Lab.
