New Android malware (Backdoor intruder) Security firm Kaspersky reported on a new malware threat that it calls the most sophisticated it has seen in targeting Android phones. Nicknamed Backdoor.AndroidOS.Obad.a, this malware used a hole in the code packing system to create an executable that should be found invalid, but still gets processed on an Android smartphone, by planting deliberate errors in the AndroidManifest file. Once there, it can get elevated to the Device Administrator status, but using a security hole in Android, it will not get listed in the apps listing, making it impossible to remove. And the complexity doesn’t stop there. The malware uses a lot of encryption to keep all of its variable names secret, and it will go out through a network connection, downloading a part of the Facebook home page, and use that as its encryption key, to ensure it is truly online and able to connect to its control servers. Once it has set itself deep in your phone, it starts receiving commands from the command and control system to update itself, download more malware, and start sending expensive SMS messages to foreign numbers. All of this means that it was hard to find, hard to analyze, and could be modified on the fly to thwart attempts to remove it. In this particular case, right now the infection rate is still very low, with most victims being in Russia. Mobile antivirus software are also being modified to detect it. But the fact remains that this sort of complex malware was not seen before on mobile phones, only on desktops. It proves that smartphones have become a big enough target for even the most sophisticated criminals to go after them. Meantime Solution Use Microsoft ActiveSync to control what goes on these devices, and there are many popular third party tools like Citix’s XenMobile.
Posted on: Thu, 13 Jun 2013 11:39:15 +0000
Recently Viewed Topics
© 2015