Mobile malware targets Android with criminal botnets

2013-09-20 14:12
Google's Android mobile operating system has grabbed three out of four smartphones sold in the world in the first quarter of 2013. (Duncan Alfreds, News24)


Cape Town - A security company has revealed what it claims is the first case of a Trojan malware being spread by collaborating criminal groups.

Kaspersky Lab said that Obad.a, malware that targets Android-powered devices, was being distributed by botnets controlled by other criminal groups.

A botnet is a collection of infected computers controlled by a hacker or group. In many cases, user behaviour is exploited, resulting in a computer being infected with malware and leading it to become part of such a network.

"In total, 83% of attempted infections were recorded in Russia, while it was also detected on mobile devices in Ukraine, Belarus, Uzbekistan and Kazakhstan," Kaspersky said, indicating that the infections are, for the moment, limited mainly to Eastern European countries.

The company explained how the infection likely occurs.


"The most interesting distribution model saw various versions of Obad.a spread with Trojan-SMS.AndroidOS.Opfake.a. This double infection attempt starts with a text message to users, urging them to download a recently received text message. If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet."

The malware then sends messages to all the user's contacts urging them to repeat the process.

A related scam involves sending spam. Users are tricked into following a link about a claimed unpaid debt, which downloads the malware onto the device.

As Android becomes the operating system on most mobile devices, criminals have moved swiftly to exploit user ignorance to compromise smart devices.

The Backdoor.AndroidOS.Obad.a malware is also distributed through fraudulent Google Play Store storefronts that copy the content of the real store but contain malicious links.

Google Play Store

"When legitimate sites are cracked and users are redirected to dangerous ones, Obad.a exclusively targets mobile users - if potential victims enter the site from a home computer nothing happens, but smartphones and tablets of any operating system could be redirected to those fake sites (although only Android users are at risk)," said Kaspersky.

The security company said that the code was spreading especially to devices running older versions of Android.

Latest version

"In three months we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware Device Administrator rights and made it much more difficult to delete," said Roman Unuchek, antivirus expert at Kaspersky Lab.

The company informed Google and the vulnerability has been closed for versions of Android 4.3, but Unuchek said that only a small percentage of devices had the latest version of the OS.

"However, only a few new smartphones and tablets run this version, and older devices running earlier versions are still under threat. Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android."
