Android users are at risk of picking up one of the “most sophisticated” trojans for smartphones to date, according to security firm Kaspersky. The newest malware scare, which is known as Backdoor.AndroidOS.Obad.a, infects the handsets of unsuspecting users and then proceeds to rack up charges to premium-rate SMS numbers, install additional malware, distribute malicious software to other phones via Bluetooth, and perform remote commands in the Android console.
It does so while hiding behind a veil of code obfuscation and takes advantage of a number of newly discovered security holes in the Android software. Because of this, Kaspersky’s experts are having a hard time tracking down and squashing the malware bug. The trojan provides itself with Device Administrator privileges and then hides itself, making it nearly impossible to delete the malicious file.
While the Backdoor trojan is potent, it also has a rather limited distribution at this point. This may be key in cutting off the problem before it spreads. The new malware accounts for only 0.15 percent of all infection attempts. Kaspersky has informed Google of the newly discovered security threat. A more in-depth look at the code behind the trojan can be found at the source link below.
[via Kaspersky]
Does anyone notice that a lot of the mobile companies and gov’t are starting to be accused of things and pointing fingers at each other?
So it asks for admin rights, and some users are stupid enough to answer yes?
Not that it surprises me, but the user is the one to blame.
My understanding of this (in reading Android Police’s coverage on it) is that it doesn’t “ask” for admin rights. It brute forces those rights and then doesn’t show up in the Admin list.
This makes me believe that those on JB don’t have anything to worry about. Remember how Google has that new thing with installing APKs? I don’t think this trojan can work on JB.
Also notice how it just says “newly discovered security holes”. Yea? Well on which firmware? I can discover a new security threat on GB all I want. LoL!!
The problem is, you can still use the old package manager. When you go to install an APK, it pops up with a choice to use “Google Settings” or “Package Manager.”
I agree it’s pretty much your own fault if you accept permissions that you don’t understand. I wouldn’t sign a contract if I don’t understand it, and accepting permissions without understanding them is pretty much the same. There is a reason Google lists them prior to installing an app.
You’ve got a typo towards the end of the second paragraph. Just a heads up :)
You’ve poor grammar in your post. Just a heads up. :)
Of course the guy that switched to iPhone had to write this one.
Also, there’s absolutely no way that an anti-virus company would do a write-up with a doomsday-like title. In fact, I have to think that if they accidentally misled anyone with that article, they’d immediately refund their snap-buy of Kaspersky for Android.
I definitely wouldn’t mind if Android allowed me to be more specific and ONLY grant Amazon and not just any .apk I could accidentally click on to install. Sure, it’s unlikely, but why risk it? A simple “would you like to sideload from a source you have not previously approved” pop-up question would be useful.
^ This; however, manual installs from downloaded APKs (e.g. from XDA attachments) might pose a problem. Then again, XDA could just make an app store for their devs. If Amazon can do it, anybody can.
And require a hardware event to grant Administrator. Accessibility requires the user to manually activate it, why does Administrator not have the same requirement?
This type of post is pointless without telling us how users are coming across this virus.
It’s not a virus. It is a trojan. This means you have to install an application that has this inside it. It does not spread itself.
If you do not pirate apps you likely have nothing to worry about.
A trojan is a virus.
This article doesn’t mention where this APK is spreading, which apps it is disguised as, whether they are pirated/sideloaded, or if they’re from any official app store/market.
Saying “unsuspecting users” is pretty vague.
No, it is not.
To be a virus it must spread itself. A trojan is when a supposedly good program contains a malware payload. Like the trojan horse.
Read the first sentence.
http://en.wikipedia.org/wiki/Computer_virus
So, what part of the replication process didn’t you understand when it says that it downloads additional malware apps and then attempts to distribute them via Bluetooth?
But *YOU* have to install the initial app yourself. That makes it a Trojan and not a Virus. As you yourself said, once installed it will download additional items, but *YOU* still have to do the initial install.
Y’all are arguing over whether a trojan is a virus? Who the hell cares?
However, I do agree that we should be made aware of where this malware is coming from.
I agree. This article is crap. No details at all… why did they even post this? No information about which apps are affected, nothing…. WT$?
I wonder what firmware this Trojan is on. JB has that security thing with installing APKs. So I don’t think it’s on JB. Notice the small percentage of users. I mean there could be new security holes, but they could have been found in the old firmware.
lolwut no a trojan is not a virus, they are both different types of malware.
A trojan is a program that appears to be benign but has malicious behavior.
A virus has the ability to copy itself to other files for the purpose of spreading itself to other hosts.
Also there’s the Worm which actively seeks out other hosts to infect.
Sounds like this particular thread is a trojan, it has no ability to spread its own infection unless people deliberately install it.
A worm is a self spreading virus, jesus that’s common 8th grade knowledge. A virus is simply an unauthorized executable that performs unexpected code. If that code allows remote access, it’s called a RAT or remote access trojan. If that code, or actually referred to as “payload” downloads extra files, it’s called a Trojan Downloader. Different types of viruses.
A browser exploit with privilege escalation could install itself without the user’s input, perhaps without their knowledge as well.
But yeah, keep studying and stay in school, and remember to question your professors, because if they’re teaching you to believe you are correct, they should be reported to their supervisors and fired.
Source: I know what I’m talking about, and you sir sound silly.
The “unsuspecting users” are those suckered into buying anti-malware apps as a result of doomsday posts from anti-malware vendors, and propagated by the media. I’m not saying that Android malware doesn’t exist, but those who download apps from questionable sources, yet are still “unsuspecting”, require adult supervision.
A trojan horse is malware, malware includes viruses and trojans. Since the definition of malware is any malicious software that tries to harm one’s computer, gather data or do anything intentionally undesirable to the attackee – we call trojans malware.
I have always heard trojans talked about as a subclass of viruses. But the distinction appears to be that a virus intends to spread itself and the trojan must be inside a seemingly harmless horse.
That’s why I don’t download horses.
Or cars.
Um, where’s the info on how it’s being installed? “watch out for this, but I won’t tell you where” What the hell?
You can bet with almost guaranteed certainty that it’s not found within the Play Store or Amazon appstore. As most others are saying, it’s probably found in some backwater Chinese app store that has paid apps for free.
Like Play Store and Amazon Appstore have so many security checks…
And how many cases of malware/viruses have you heard of being on either store?
Also, yes they do have security checks. As I understand it, Amazon has to approve the apps before they’re published (much like Apple’s appstore), and Google has Bouncer and probably a few other security checks that we don’t know about.
So I assume a hard reset wipe gets rid of it?
It usually does the trick
Or a restore if you’re rooted. So you don’t have to start that far back. And speaking of back-ups. I think I need to make one for my phone. I don’t have any. LoL!!
More fear mongering by Kaspersky. Almost anyone with programming knowledge can write a virus/trojan, but it’s pointless if you can’t infect devices easily… this virus involves the user granting the trojan admin rights, and for Bluetooth infection, the users would have to accept the receiving of the file. This is hardly a risk.
And like other people have already mentioned… where are people being infected from…. probably known warez sites that are already notorious for spreading malware. If you get a trojan from there, you almost deserve it, and a Darwin award.
This is likely the case. As now that Google is aware, anything on the Play Store that has this trojan will be locked/removed by Google.
Technically, to receive a Darwin award from that they’d have to either die from it or the action would have to somehow leave them incapable of reproduction…but I digress, you are right and I agree with you.
I know, was hinting (poorly) that they are also likely to die from doing something stupid too.
Let them be infected. Y’all wanna steal those paid apps and complain about freemiums? Well users can just have their money stolen.
The problem with your opinion is that as more people get infected, more “simple” users will start spreading it, and then the Android OS platform will be fucked, since we all will have to pay for an anti-virus that will slow our systems down.
You should take this a little bit more seriously, since we all want a clean OS. This is just like STDs … the more infected people, the less you will enjoy yourself.
Thanks for providing the link to Kaspersky’s report. Best part of the article!
And I’m sure Kaspersky sales will go up this weekend.
This trojan also seems like the most sophisticated yet for android phones, not the worst. It’s listed as 0.15 attempts of malware infections, it’s funny how they word that. So what’s a rough estimate of actual infected phones? They probably didn’t want to list such a small number.
What a trolling article from Kevin. If you sideload apps outside the market, it’s your fault. This applies to iPhone too.
You know, some apps can only be installed by sideloading. A lot of beta programs work that way.
No point in generalizing so much. I’m guessing you meant pirated apps that one should have paid for.
I had a feeling this was posted by Kevin when I saw the article title..
I have side-loading turned on because I use the Amazon app store as well as the Play Store. I definitely wouldn’t mind if Android allowed me to be more specific and ONLY grant Amazon and not just any .apk I could accidentally click on to install. Sure, it’s unlikely, but why risk it? A simple “would you like to sideload from a source you have not previously approved” pop-up question would be useful.
I don’t think you can “accidentally” sideload an app. Mainly because it asks you if you want to install. I have accidentally clicked the wrong apps to install, but I can click “Cancel”. LoL!!
But being more secure wouldn’t hurt. I wouldn’t mind that added security. But then again, now thinking about it, wouldn’t everything you download from your Chrome browser be from the same source? Or most apps online from XDA are probably listed as Unknown source. So it wouldn’t be that beneficial. Hmm…
I suppose it would mostly apply to the amazon app store. It’s just that for something like amazon app store, I want to give full do whatever you want permission like I do now. But for something like an individual random .apk, I want as much warning/headsup as possible. The way it sits now it’s pretty all or nothing.
Also I know it is insanely complicated, and really not beneficial to app developers or google, but I do dream of a world where super-permissions and the ability to individually allow permissions is available to the non-root world.
There are permissions that let apps get installed without user interaction. That’s what had people pissed off when the Facebook app was mysteriously installing updates outside of the Google Play Store a few months ago.
You’re right, though, in most cases a user would have to voluntarily let the app get installed. I would hope most people don’t just say “yes, please install this random app I’ve never heard of.”
lol kaspersky wrote this virus then posted news about it
LOL U SO FUNNY XD XD XD
Someone kick this troll Kevin off Phandroid
If I were a betting man, I’d say Kraperspersky wrote it. They should call this a ‘Seed’….. they plant it and water it and FERTILIZE it….. and profit from its fruits…… Just teasing, I’m sure they wouldn’t….. that would be mean.
If you were a betting man you’d lose that bet. Kaspersky have better things to do.
So if I don’t have texting services (I have a Galaxy Tab 2), will that affect me? I have an antivirus installed on my tab, should I be worried?
as long as you aren’t downloading apps from shady sources, you shouldn’t be worried at all, just forget this article exists.
I got a virus from a trojan entering my backdoor :(
Kaspersky is a scam, like other anti-virus vendors.
They play on your fear, then you are going to buy their anti-virus.
This is nonsense in the world of Linux itself.
All anti-virus vendors are scammers!!!
“Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself…”
https://plus.google.com/u/0/+cdibona/posts/ZqPvFwdDLPv
hilarious. This is “Worst yet”, and yet it’s been shown to not be widespread at all?