Kaspersky Lab employees discovered a new malware for the Android operating system. From the incident, they would not have inflated a big problem if the trojan they had found was not so “good”: its behavior is not at all like the behavior of other viruses. Malver exploits various vulnerabilities, blocks all attempts at uninstallation, and also tries to seize administrator privileges to ensure the ability to execute commands remotely. Backdoor.AndroidOS.Obad.a is the name of the most sophisticated computer virus for Android ever seen by computer security experts.
Detected two previously unknown vulnerabilities for Android, used by Obad. In the installation file of the virus contains a modified file AndroidManifest.xml, which is part of any Android application. The first serious vulnerability is in the processing of this file by the system. Theoretically, it should not be processed at all by the system, but its installation runs smoothly.
Once inside the system, Obad launches its second Android exploit, which allows access to administrative rights. By becoming an “Android administrator,” Obad gains the capabilities available to most anti-virus applications. After executing the necessary command to remove the virus, it becomes almost impossible, because it is not even in the list of applications allowed for use approved by the administrator.
Based on a mobile device, the virus begins to investigate the system, checking for Internet connections and access to system files. When a free wireless network is detected, the Trojan establishes a connection and copies itself and other malicious applications to all connected devices.
The Obad Android device is encrypted, which prevents some of the most important components from being converted to their original form until the virus connects to the Internet. This complicates its detection and further analysis. This Trojan does not even have an interface - the program is fully running in the background. The high level of complexity and new vulnerabilities make it more like a virus for the Windows operating system, rather than for the Android mobile platform.
To date, Backdoor.AndroidOS.Obad.a has a very limited distribution, but is quickly spread around the world by alternative app stores and phishing websites, warn in Kaspersky Lab. Google has already been informed about the problem, which gives us hope for the elimination of critical vulnerabilities in the near future.
Be careful and beware of scams!
The article is based on materials .
Comments
Post a Comment