Mobile malware targets Android with criminal botnets

2013-09-20 14:12
Google's Android mobile operating system has grabbed three out of four smartphones sold in the world in the first quarter of 2013. (Duncan Alfreds, News24)

Google's Android mobile operating system has grabbed three out of four smartphones sold in the world in the first quarter of 2013. (Duncan Alfreds, News24)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Cape Town - A security company has revealed what it claims is the first case of a Trojan malware being spread by collaborating criminal groups.

Kaspersky Lab said that Obad.a, malware that targets Android powered devices, was being distributed by botnets controlled by other criminal groups.

A botnet is a collection of infected computers controlled by a hacker or group. In many cases, user behaviour is exploited, resulting in a computer being infected with malware and leading it to become part of such a network.

"In total, 83% of attempted infections were recorded in Russia, while it was also detected on mobile devices in Ukraine, Belarus, Uzbekistan and Kazakhstan," Kapersky said, indicating that the infections are, for the moment, limited mainly to Eastern European countries.

The company explained how the infection likely occurs.


"The most interesting distribution model saw various versions of Obad.a spread with Trojan-SMS.AndroidOS.Opfake.a. This double infection attempt starts with a text message to users, urging them to download a recently received text message. If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet."

The malware then sends messages to all the user's contacts urging them to repeat the process.

A related scam involves sending spam. Users are tricked into following a link claiming an unpaid debt and download the malware on the device.

As Android powered devices begin to make up the operating system on most mobiles, criminals have moved swiftly to exploit user ignorance to compromise the smart devices.

The Backdoor. AndroidOS.Obad.a malware is also able to create a fraudulent Google Play Store storefront, complete with copies of the content, but that contain malicious links.

Google Play Store

"When legitimate sites are cracked and users are redirected to dangerous ones, Obad.a exclusively targets mobile users - if potential victims enter the site from a home computer nothing happens, but smartphones and tablets of any operation system could be redirected to those fake sites (although only Android users are at risk)," said Kaspersky.

The security company said that the code was spreading especially to devices running older versions of Android.

Latest version

"In three months we discovered 12 versions of Backdoor. AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware Device Administrator rights and made it much more difficult to delete," said Roman Unuchek, antivirus expert at Kaspersky Lab.

The company informed Google and the vulnerability has been closed for versions of Android 4.3, but Unuchek said that only a small percentage of devices had the latest version of the OS.

"However, only a few new smartphones and tablets run this version, and older devices running earlier versions are still under threat. Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android."

- Follow Duncan on Twitter
Read more on:    google  |  kaspersky lab  |  mobile

Join the conversation! encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24


Man scores date with tennis superstar after Twitter bet

It’s a modern day Cinderella story, but one American man took ‘shoot your shot’ seriously in 2017.


You won't want to miss...

Who are the highest paid models of 2017?
10 gorgeous plus-sized models who aren't Ashley Graham
5 top leg exercises for men
10 best dressed men of 2017
Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.