New Android Trojan is complex as Windows malware. Mobile (and especially Android) malware is on the rise and according to researchers from Kaspersky Lab, its complexity is also increasing. Case in point: Backdoor.AndroidOS.Obad.a. This newly discovered Trojan has obviously been constructed by someone who knows quite a bit about the Android platform, as the creator has taken advantage of multiple known and previously unknown errors and vulnerabilities in the OS to make the analysis of the file difficult. An error in the software program used by analysts to convert APK files into the (for the analysis) more convenient JAR format has been used to prevent such a transformation, complicating thusly the statistical analysis of the Trojan. Two bugs in the Android operating system itself have been used to modify a file that makes dynamic analysis of the malware harder, and to extended Device Administrator privileges to the app, but without making it obvious (i.e. adding it to the list of applications which have such privileges.). This, and the fact that the Trojan does not have an interface, makes it impossible to delete it once the device is compromised. The creators have also done a good job in encrypting and obfuscating most of the code - strings, names of classes and methods. The Trojan is able to do a number of things: blocking the device’s screen for up to 10 seconds; harvesting information such as the name of operator, phone number, IMEI, phone user’s account balance, whether Device Administrator privileges have been obtained and send it to a remote C&C server; downloading additional malware; sending messages to premium-rate numbers; sending the download malware to other nearby devices via Bluetooth, and so on. Source: net-security.org/dl/insecure/INSECURE-Mag-38.pdf
Posted on: Fri, 21 Jun 2013 19:29:41 +0000
Trending Topics
Recently Viewed Topics
© 2015