Security researchers discover dangerous Android malware
Posted on Monday, June 10 2013 @ 20:21 CEST by Thomas De Maesschalck
Kaspersky Labs researchers discovered the Trojan recently, and have named it Backdoor.AndroidOS.Obad.a. That's not a very imposing name for what may be the most sophisticated piece of Android malware to date, as well as the prototype for a new generation of aggressive, security-evading mobile Trojans. From the instant Obad.a arrives on a system, it is geared toward avoiding detection until it's too late.
The first big Android vulnerability Obad.a uses relates to the processing of the AndroidManifest.xml file. Every Android app has a manifest file, which tells the OS about its structure and components. Obad.a's manifest is malformed in a way that hides its intentions and ensures installation.
Even once Obad.a gets a foothold on a system, it keeps most of its code encrypted to make identification that much more difficult. Components are only decrypted when needed. For example, the addresses of the command and control servers are not decrypted until an internet connection is verified.