Another piece of news came from the ever-growing world of malicious software for the Android operating system. The Trojan, named Backdoor.AndroidOS.Obad.a by Kaspersky Lab, which recorded it, has a much more complex structure than most similar programs for Android: it uses several previously unknown vulnerabilities of the operating system, obfuscates its code, and resists attempts to uninstall it.
This Trojan may be a prototype of a class of viruses that, once on a device, cleverly hide their presence until it is too late. First, it uses a vulnerability associated with the AndroidManifest.xml file. Every Android app has such a file, which describes the structure and components of the program. The Trojan in question uses this file to hide its true intentions and to ensure that the application installs.
After installation, most of the application code remains encrypted, which makes it difficult to detect. Code components are decrypted only when they are needed. Thus, the address of the control server stays encrypted until Internet access has been confirmed.
Then the Trojan begins to use another previously unknown vulnerability, this one in Android's Device Administrator function. Some applications request administrator access in order to be able to lock the screen, read notifications, and remotely wipe data from the device. Obad.a needs administrative rights as well, because a Trojan that holds them cannot be removed.
Standard applications to which a user has granted administrative rights can be stripped of them and removed at any time. However, the exploit used by the Trojan keeps it out of the list of applications with administrative privileges, so the user, even when aware of the infection, is not able to remove it. In addition, the Trojan has no interface of its own and acts as a service in the background.
Having secured itself in this sophisticated way, the Trojan starts typical malicious activity, which includes sending out the user's personal information, downloading and installing additional malicious applications, and sending spam to contacts from the address book, including high-priced premium SMS. A less familiar activity for such a program is searching for devices with a Bluetooth connection in order to send them a copy of itself. If root rights are available on the infected device, then through commands from a remote server essentially anything can be done with it.
This once again confirms the growing popularity of Android among malware writers and the appearance of more and more complex programs that exploit its vulnerabilities.