Android trojan attempts to spread via Bluetooth

Summary: Here's one more reason to stick with Google Play and not install apps that come via SMS.

TOPICS: Android, Security

A security researcher has found what he claims is the most sophisticated Android trojan yet, currently spreading by SMS spam, which goes to great lengths to hide itself and tries to replicate on nearby Bluetooth-enabled devices.

Like other Android malware, the trojan is designed to earn its controllers money by forcing the infected device to send text messages to premium-rate numbers. But what's rare about Obad.a, according to Russian security vendor Kaspersky Lab, is that it exploits previously unknown vulnerabilities in Android to remain invisible.

The malware is not widespread and so far has relied on malware-laden SMS to spread, but it contains an impressive list of capabilities that puts it on par with the sophistication of Windows malware, according to Kaspersky Lab malware researcher Roman Unuchek.

"Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits," Unuchek notes in a blogpost.

The makers of Obad.a have found and used two previously unknown flaws in Android to hide the trojan from victims, and a third in the open-source tool DEX2JAR, which helps it evade analysis by security researchers.

The trojan is designed to gain device administrator privileges but will not appear in the infected device's list of apps with such privileges, making it difficult for users to remove. This was one of the flaws Kaspersky said it had reported to Google.

The malware sends the victim's device data to a remote command and control server. Information it sends to the server includes the MAC address of the Bluetooth device, the carrier's name, the device's phone number and unique IMEI number, the phone user's account balance, and whether or not device administrator privileges have been obtained.

The malware can also take instructions from the attackers via SMS, such as which premium SMS numbers to text or instructions to scan for nearby devices with activated Bluetooth and share a file selected by the attacker.

Once it has admin privileges, the trojan can also block the device's screen for 10 seconds, and this action typically occurs after the device connects to a Wi-Fi network or enables Bluetooth. Once a connection is established, Obad.a can copy not just itself but additional malware.
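As an added example (not from the article or Kaspersky's analysis), a small Python checker that looks for the three behaviours described above in a constructed, simplified device event log: a screen lock right after Bluetooth or Wi-Fi comes up, a burst of SMS to one short code, and a device-admin grant for a package that never appears in the visible admin list. The log format, package names, phone numbers and thresholds are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample event log (not from the article or Kaspersky's report); package names and numbers are made up.
SAMPLE_LOG = """\
2013-06-06 10:00:01 BT_ENABLED -
2013-06-06 10:00:04 SCREEN_LOCKED pkg=com.example.updater
2013-06-06 10:00:15 SMS_SENT to=7151
2013-06-06 10:00:16 SMS_SENT to=7151
2013-06-06 10:00:17 SMS_SENT to=7151
2013-06-06 10:05:00 SMS_SENT to=+46701234567
2013-06-06 10:06:00 DEVICE_ADMIN_GRANTED pkg=com.example.updater
2013-06-06 10:06:01 ADMIN_LIST pkg=com.android.email
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+)$")  # "<date> <time> <EVENT> <detail>"

def parse_log(text):
    # Turn each log line into a (timestamp, event, detail) tuple; skip malformed lines.
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)))
    return events

def find_suspicious(events, lock_window=10, sms_burst=3, burst_window=60):
    # Thresholds are assumptions for this example, not values from the article.
    findings = []
    # 1. Screen locked within lock_window seconds of Bluetooth/Wi-Fi coming up.
    conn_times = [t for t, ev, _ in events if ev in ("BT_ENABLED", "WIFI_CONNECTED")]
    for t, ev, detail in events:
        if ev == "SCREEN_LOCKED" and any(timedelta(0) <= t - c <= timedelta(seconds=lock_window)
                                         for c in conn_times):
            findings.append(("lock_after_connect", detail))
    # 2. Burst of SMS to a single short code (premium-rate numbers are usually short codes).
    sends = defaultdict(list)
    for t, ev, detail in events:
        if ev == "SMS_SENT" and re.fullmatch(r"to=\d{3,6}", detail):
            sends[detail].append(t)
    for number, times in sends.items():
        if any(times[i + sms_burst - 1] - times[i] <= timedelta(seconds=burst_window)
               for i in range(len(times) - sms_burst + 1)):
            findings.append(("premium_sms_burst", number))
    # 3. Device admin granted to a package that never shows up in the visible admin list.
    granted = {d for _, ev, d in events if ev == "DEVICE_ADMIN_GRANTED"}
    listed = {d for _, ev, d in events if ev == "ADMIN_LIST"}
    findings.extend(("hidden_device_admin", pkg) for pkg in sorted(granted - listed))
    return findings
```

Running `find_suspicious(parse_log(SAMPLE_LOG))` flags all three behaviours for the constructed log; a log with only ordinary long-number SMS traffic produces no findings.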

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

  • Switch away from Linux, it isn't safe

    Stick with an OS that was designed from the ground up to be secure: WP8.

    There is no malware for WP8 but there is a ton for Linux. That proves it. There is no possible other explanation for why there is so much Linux malware but none for WP8.
    • A 16 year old can develop malware for WP8

      But why tell the truth when a simple lie will do?
      • An alleged prototype?

        Too funny, you can't make this stuff up.

        But, since you brought it up, do alleged prototypes "count" now? Go on the record or run away, your choice.
        • toddbottom3...we can always count on you to come up with some new fud

           and Loverock Davidson's posts to get a better insight rather than qualified writers like SJVN or James Kendrick is really the funniest thing you've ever posted, oh I left out your other buddy Owllllllnet as his posts are a total scream also......I'm sure everybody here on Zdnet waits all day long with bated breath to hear your every word....NOT

          End Of Story......Period
          Over and Out
          • i don't have to wait around all day...

            they hit up every article as soon as they're posted
        • You make this stuff all the time.

          A 16 year old hacked WP8. Just think of how easy a target your designed with perfect security OS is for a motivated smart person.
          • Teenagers are dumb and unmotivated?

            Don't tell that to George Hotz, the first person to smash through ios security. According to you then, ios sucks.
          • And a PS

            There was no "alleged prototype" when George crushed ios. Unlike your link.

            Too funny to see you admit that alleged prototypes now count as malware. osx just got hit with a ton of viruses that count, something you guys promised could never happen.
          • Where is the prototype malware

            The link tells about an "alleged prototype" to be revealed later - in November 2012!

            My calendar says 2013. Seems like it didn't really materialize. No record of the *alleged* presentation at the conference.

            Could it be that an attention seeking teenager made it up? Nah, no way!

            Meanwhile, not a single piece of malware exists for Windows Phone 8 (or 7 for that matter).

            At the same time Linux on phones (like Android) is knee-deep in malware, trojans and worms trying to infect other phones over bluetooth.
          • At the same time Linux on phones (like Android) is knee-deep in malware

            No it's not, I have a Nokia N9 which runs MeeGo (which is proper GNU/Linux) and there is no malware for it, you and toddybottom are as always full of FUD.
    • Oh Toddy!

      Not sure why any coder worth his/her weight in energy drinks would bother with the pitifully small WP8 market that's withering on the vine.
      • So absence of malware on WP8 doesn't prove it is better designed?

        Marketshare plays a major factor?

        Did anyone bother telling osx users?
        • Marketshare plays a major factor?

          Yes it plays a major factor in the amount of malware being written for a given OS, but it doesn't play a factor in how effective that malware is on a given OS.
    • With every post you make

      I can visualize you running to the bank to make another deposit from your Microsoft paycheck.
    • are you saying

      that Microsoft OS is safe? Redmond still recommends a "good antivirus software". A difference between the MS Windows and Android situation is that at least for the latter you can see what damage an app (running in the sandbox) might do to you, which is in no way possible on Windows, where people have been hit with malware like trojans and viruses for 15-20 years.
    • There is no malware for WP8 but there is a ton for Linux

      If you replaced the word Linux with Android then you would be right for once, but you didn't so you're not, as usual.
  • This is called a trojan

    ... because you must invite it in.
    If I choose to install a program that is going to steal all my data it's my problem. I can make one for iOS or WP.
  • "[Backdoor.AndroidOS.Obad.a] exploits previously unknown vulnerabilities"

    Google will be quick to patch the vulnerabilities in Android. And users of unlocked Nexus devices will likely be the first to get the patch. But, how quickly will this patch be pushed through the Android ecosystem out to Android device users?

    The vulnerabilities behind this exploit would be a great opportunity to map the patch through various Android versions (how far back to these vulnerabilities go? To version 2.3?), various OHA Android device models and Amazon Kindle Fire tablets.

    And with Google's new policy on releasing details of in-the-wild exploits after a week, how many Android devices will have the patch pushed to them before the week expires? Waiting ...
    Rabid Howler Monkey
    • which exploit?

      • Exploits (plural)

        There are two Android OS exploits:

        See the section titled "The Trojan’s quirks".
        Rabid Howler Monkey