
Backdoor.AndroidOS.Obad

That's the name given to a new Android virus discovered by Kaspersky Labs, and it looks to be the worst one yet.

It's a trojan that attacks on multiple fronts simultaneously, including an attempt to gain root access. Most users don't know, nor need to know, what root access allows, and the major manufacturers ship their handsets with it disabled for security. However, both Android enthusiasts and hackers know full well that if a handset has been rooted, their Apps can access all its data unrestricted.

A sophisticated command and control system, running on remote servers, sets the handset up so that it not only "phones home" with all the data, but then becomes a zombie under the control of the bad guys.

Hides itself by having no UI and running as an Administrator service

Once installed, this App runs as a Service and hence has no visual interaction with the user. However, it is just a regular App which has to get into the handset somehow in the first place, and that means the user must have granted it the permissions it asked for. Furthermore, this App hasn't come from Google Play, their official App store, so the user must have somehow enabled side loading, and hence gone against Google's advice, in order to install it.

Obad uses two previously unknown Android exploits: the first tampers with the standard AndroidManifest.xml file, which all Android Apps use, in order to hide itself, and the second elevates it to Administrator level access. Once it has gained Administrator level, it can perform several operations which regular Apps are denied access to.

Not currently widespread

Symantec are reporting the Wild Level as "Low", whilst Kaspersky Labs have described how, once installed, the App starts working in the background trying to gain access to unsecured WiFi connections and any paired Bluetooth devices.

Another worrying feature of this virus is its ability to make it extremely difficult for an ordinary user to delete it, due to its advanced masking techniques.

Although it is not currently widespread, the fear is that this becomes the template for the next generation of Android malware.