Android Trojan Obad.a Trojan spreading via mobile botnets discovered

According to Securelist.com, Obad.a infects in two steps along with another mobile Trojan named as TrojanSMS.AndroidOS.Opfake.a.  This Trojan was noted as one of the most sophisticated Trojan by Kaspersky this May.

The infection starts when a legitimate user gets a text message with following text.

“MMS message has been delivered, download from www.otkroi.com”.

When a user click on the link, a file named mms.apk the Trojan Trojan-SMS.Andrid.Opfake.a is downloaded automatically to the smartphone. ( smartphone OS) . The use has to run it to install the malware or else it will not do it itself. If user runs the malware , the  Command & Control server can instruct the infected smartphone to send out the message below to all the contacts from address book.

“You have a new MMS message, download at – hxxp://otkroi.net/12”

When a user clicks the link from the text , it loads Backdoot.Android.Obad.a under the name mms.apk or mmska.apk

T As per Kaspersky lab analysis, approx. 600 messages were sent out in 5 hours with one of the Trojan-SMS modifications.  Most of the delivery was via infected devices using SMS gateways.

The interested part was, only a few devices infected with Trojan-SMS.AndroidOS.Opfake.a distributed links to Backdoor.AndroidOS.Obad.a.

As reported, there are 12 versions of Backdoor.AndroidOS.Obad and all of them had the same level of code obfuscation. Google closed out the security hole in Android 4.3 version.

Entire article can be found here

Share Button
Tagged with 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>