Android 'Obad' Trojan piggybacks on another gang's mobile botnet

Uses Opfake campaign to spread itself

The Obad.a Android Trojan first analysed by Kaspersky Lab in June has turned out to have an innovative and predatory ability to piggyback on botnets controlled by third-party criminal networks.

This behaviour was spotted when the firm noticed that smartphones that had been infected with the hugely successful but apparently unrelated Opfake.a Trojan were being used as a launching pad for Obad.a to send malicious links to everyone in that victim's address book.

According to Kaspersky, the malware was also being spread via convincing-looking copies of the Google Play store as well as a campaign of mobile spam. Someone wants to get Obad.a on to as many Android devices as possible.

So far, they've been successful in Russia with a smaller number of infections in nearby republics such as Ukraine, Belarus, Uzbekistan and Kazakhstan. One Russian mobile network had detected 600 of Obad's spam messages in a matter of hours, suggesting that its piggyback tactic was working, Kaspersky said.

"In three months we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware DeviceAdministrator rights and made it much more difficult to delete," observed Kaspersky researcher, Roman Unuchek.

The vulnerability in question had been closed in Android 4.3 which meant that large numbers of devices not running this version remained vulnerable, he added.

"Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android."

Although Obad.a is at core just another SMS fraud Trojan targeting Russian Android users, its complexity and innovation has surprised researchers. As well as exploiting flaws in Android, it has been designed to download secondary capabilities as it pleases.

Last month, research by Lookout Mobile Security reckoned that the Russian criminals sector dedicated to creating mobile SMS fraud apps could be controlled by as few as 10 organisations.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags GooglewirelessNetworkingkaspersky labPersonal TechMobile &amp

More about GoogleKasperskyKaspersky

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

More videos

Blog Posts