Latest self-replicating Android Trojan looks and acts just like Windows malware

Android malware is becoming more like Windows malware, “in other words, more dangerous to users,” Mathew J. Schwartz reports for InformationWeek. “One of the latest, a Trojan application called Obad.a… creates an attacker-accessible backdoor on infected Android devices, can download and install additional malware, infect nearby devices with the malware — via Wi-Fi or Bluetooth — and receive further instructions from the attacker. For good measure, the malware also can send SMS messages to premium phone numbers, thus generating revenue for attackers or their business associates.”

“‘At a glance, we knew this one was special,’ said Roman Unuchek, a security researcher at Kaspersky Lab, in a blog post citing the fact that whoever developed the malware not only built in numerous capabilities, but also carefully hid the code to make it difficult to detect or study,” Schwartz reports. “Although the malware is somewhat rare, it’s reportedly being distributed in a typical way: most likely disguised as a legitimate app via ‘alternative app stores and fishy websites,’ reported Android Police.”

Schwartz reports, “Whoever built the malware took advantage of three different flaws in the Android operating system, or related software, to make the malware more difficult to detect or eradicate… From a user-interface standpoint, it also means that once the malware infects the device, a user can’t revoke those privileges or even delete the application through the operating system… Using these privileges, the malware can disable access to the device’s screen for up to 10 seconds, which is likely used to conceal bad behavior, because it ‘typically happens after the device is connected to a free Wi-Fi network or Bluetooth is activated,’ said Unuchek. ‘With a connection established, the Trojan can copy itself and other malicious applications to other devices located nearby… Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits. This means that the complexity of Android malware programs is growing rapidly alongside their numbers.'”

Read more in the full article here.

Read also: “The most sophisticated Android Trojan” by Roman Unuchek, Kaspersky Lab Expert.

MacDailyNews Take: Open. Wide open.

[Thanks to MacDailyNews Reader “Chris Renaldi” for the heads up.]

Related articles:
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010
FBI’s Android security warning means Apple’s iPhone beats Android for BYOD enterprise – October 16, 2012

23 Comments

      1. A malware type is typically named after its most immediate behavior. In this case it’s a Trojan horse. Trojans are the #1 type of malware at this time, actual viruses being a rarity.

        What malware does after it infects a system has become increasingly complex as malware rats become increasingly sophisticated as well as increasingly motivated by criminal exploitation of others.

        http://Mac-Security.blogspot.com

    1. yeah something is making Android descend in Market Share…

      wait yes, it’s the truth, actual truth that Android is a mess, the truth is causing something all a stir

  1. Android is a social OS and is open for all to develop programs for or to a developer’s dream. Now with Android, you can join in social experiment and share their dream without ever having to make an effort… Isn’t that special!

  2. So basically it enables root access on the phone without the user’s knowledge or consent, installs itself as a system app that can’t be removed at all even if you do a factory reset, and then infects other phones via wifi and bluetooth. Clever.

    The only way to get rid of something like that would be to do a system partition format, and then reinstall your ROM. Possibly format the data and cache partitions too just to be safe. In the process however you’d be deleting all your apps and all data stored on the phone.

    Lesson: Do your research before installing any app from somewhere other than Google Play. Read the comments, look up the reputation of the site you’re downloading from, use your own judgment. As I’ve said before, no matter how secure a system is, it can be hacked almost always through the user.
