A new trojan recently identified as “Backdoor.AndroidOS.Obad.a” is being described by Kaspersky as the most sophisticated Android trojan to date. The nasty bit of code utilizes several undocumented security holes to wreak havoc in a number of different ways.
Once the trojan successfully infects a device, its first goal is to obtain Device Administrator rights. If successful, it can’t be deleted and enjoys additional privileges as it is able to hide itself from the list of running applications.
So what sort of chaos can this trojan cause? Well, for starters, it’s able to send SMS messages to premium-rate numbers to collect revenue for the attacker. If that weren’t enough, it can download and install other malware on the device and even spread malware to nearby handsets over Bluetooth and Wi-Fi. Obad even allows an attacker to issue malicious commands via SMS.
Kaspersky Lab expert Roman Unuchek noted in a blog post that this looks more like a Windows malware than to other Android trojans based on the complexity and the sheer number of previously unknown vulnerabilities it expoits.
The good news for Android owners (if you can call it that) is that the trojan’s reach isn’t widespread at this point. At present, Obad represents just 0.15 percent of all malware infection attempts on mobile devices. The team at Kaspersky has already reported their findings to Google and with any luck, a fix will be incoming in the near future.