Obad is the Baddest Android Trojan on the Block

There is a new Android Trojan in town and this is one bad dude. Backdoor.AndroidOS.Obad, or “Obad” as it is known on the street, is the most sophisticated Trojan ever seen, rivaling the capabilities of Windows-based malware.

Yesterday a malware analysis expert from Kaspersky Lab released an announcement on a new Trojan that seemed like it was written for Windows and not an Android device, earning it the dubious title “The Most Sophisticated Android Trojan”.

Sure, it sends SMS messages to high-rate numbers like many other Android malware apps, but there are several new features that really set this one apart. According to the report, Obad also has the following capabilities:

  • Downloads and installs other malware programs
  • Propagates malware to other devices via Bluetooth
  • Fully functional remote Command & Control

The ability to download other malware programs has been a Windows Trojan staple feature for a long time. But being able to use Bluetooth as a springboard to infect other devices is pretty concerning.

Obad’s Command & Control features allow cyber criminals to send commands via SMS messaging, use a remote shell, download remote files, pull application & personal data from the phone, and attack other devices by using Bluetooth.

Another unique feature is that Obad can also freeze the display for up to 10 seconds to hide what it is doing from the device owner.

Using obfuscated code and several new vulnerabilities, Obad definitely raises the stakes in the mobile malware department. Thankfully, it is not very widespread at the moment.

For more information, check out the Kaspersky team’s complete analysis.

New Mobile Malware and How to Defend Against it

Just watched a very good Mobile Malware update video from Hacking Exposed!

I haven’t really been keeping up with smart phone tech or smart phone viruses, but the webinar was very informative. The speaker covered several of the current malware threats. I was actually surprised to see how closely they behave to PC viruses.

Android.Nickispy, once installed, has the ability to store all conversations and the GPS coordinates of the phone. The data is saved in an audio file in a directory called “Shangzhou” on the SD Card RAM. Then, just like in a PC bot virus, the files are pushed up to a command and control server.

The speaker’s theory about recording the GPS locations with the call was that some large unnamed country that has been snarfing a lot of military and intelligence data could focus on cell phones in a certain area.

He also mentioned Android:Soundcomber. Soundcomber is a proof-of-concept Trojan. It records phone calls and uses audio processing to pull credit card numbers from voice communications. In the demo, the user calls a credit card company and on the first call speaks his (fake) credit card number into his phone. On the second call, the user enters his credit card number via the keypad.

Using audio processing, Soundcomber pulled the correct credit card numbers from both calls and displayed them on the command and control server.

A lot more was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed.

Finally, how to defend against mobile malware was discussed. Surprisingly, the techniques were very similar to the PC world:

  • Don’t run programs from publishers that you don’t know and trust
  • Set strong passwords
  • Disable unnecessary startup apps
  • Disable unneeded Wi-Fi, GPS and Bluetooth radios
  • Minimize remote unlocking services
  • Run mobile whitelisting or anti-virus software
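
To make the first item concrete, here is an added example (not from the webinar or the original post) that triages apps by the permissions they request, using the behaviours described above. It parses constructed `aapt dump permissions`-style output; the package names, the behaviour-to-permission mapping and the threshold are assumptions of this example.

```python
import re

# Behaviours named in the article, mapped to the Android permissions an app
# must request to perform them (the mapping is this example's assumption).
BEHAVIOURS = {
    "premium-rate SMS": {"SEND_SMS"},
    "SMS-based command channel": {"RECEIVE_SMS"},
    "Bluetooth propagation": {"BLUETOOTH", "BLUETOOTH_ADMIN"},
    "call recording": {"RECORD_AUDIO"},
    "GPS tracking": {"ACCESS_FINE_LOCATION"},
    "upload to a C&C server": {"INTERNET"},
}
PKG_RE = re.compile(r"^package:\s*(\S+)")
# aapt prints either "uses-permission: X" or "uses-permission: name='X'"
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?android\.permission\.([A-Z_]+)")

def parse_aapt(text):
    """Return {package: set of requested permission names}."""
    apps, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := PKG_RE.match(line):
            current = apps.setdefault(m.group(1), set())
        elif (m := PERM_RE.match(line)) and current is not None:
            current.add(m.group(1))
    return apps

def audit(apps, threshold=2):
    """Flag packages whose permissions cover at least `threshold` behaviours."""
    report = {}
    for pkg, perms in apps.items():
        hits = sorted(b for b, need in BEHAVIOURS.items() if need <= perms)
        # INTERNET alone is near-universal, so only combinations are flagged.
        if len(hits) >= threshold:
            report[pkg] = hits
    return report

# Constructed sample input: three hypothetical apps.
SAMPLE = """
package: com.example.flashlight
uses-permission: android.permission.INTERNET
uses-permission: android.permission.SEND_SMS
uses-permission: android.permission.RECEIVE_SMS
uses-permission: android.permission.BLUETOOTH
uses-permission: android.permission.BLUETOOTH_ADMIN
package: com.example.notes
uses-permission: android.permission.INTERNET
uses-permission: android.permission.WRITE_EXTERNAL_STORAGE
package: com.example.wallpaper
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.INTERNET'
"""

if __name__ == "__main__":
    for pkg, hits in audit(parse_aapt(SAMPLE)).items():
        print(f"{pkg}: review before trusting ({', '.join(hits)})")
```

A flag is a prompt for manual review, not a verdict: legitimate messaging or navigation apps request the same permissions.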

This is just a quick overview of the hour-long video. The video should be posted on the Hacking Exposed website soon. Check it out; it is very informative and well worth the time.