IT security firm Kaspersky claims it has discovered the “most sophisticated” Android trojan yet.
Identified by Kaspersky as “Backdoor.AndroidOS.Obad.a”, the mobile menace can send SMS to premium-rate numbers, download other malware and install them on the infected device, as well as send malware to other devices via Bluetooth, and remotely perform commands in the console.
Obad is also extremely well concealed, by means of code obfuscation, and it uses several previously undocumented security holes in the Android operating system to make it very hard to analyse.
Once the trojan is executed on a device, it immediately tries to obtain Device Administrator privileges. Then, it becomes a real nightmare.
“One feature of this Trojan is that the malicious application cannot be deleted once it has gained administrator privileges: by exploiting a previously unknown Android vulnerability, the malicious application enjoys extended privileges, but is not listed as an application with Device Administrator privileges,” said Kaspersky Lab Expert Roman Unuchek.
Kaspersky representatives said they have already informed Google about the vulnerability in question.
The only good news about this trojan is that it’s not very widespread. According to Kaspersky, it amounts to no more than 0.15 per cent of all malware infection attempts on mobiles.
You can find more information about the Backdoor.AndroidOS.Obad.a trojan here.