
The unknown Trojan specializes in Android

For more than three months, Kaspersky Lab analysts have been investigating the Trojan Obad.a, a new piece of malware targeting Android.


It has come to light that behind the Trojan is a new structure that researchers have now been able to identify for the first time. This is the first time in the history of cybercrime that a Trojan has spread through botnets, most likely backed by criminal groups. The investigation also revealed that the program called Obad.a mainly affects the countries of the old CIS (Commonwealth of Independent States). According to surveys, about 83 percent of the detections of the malware were in Russia, Ukraine, Belarus, Uzbekistan, and Kazakhstan.

The malware spreads in a special way, together with another piece of malware, Trojan-SMS.AndroidOS.Opfake.a. This double infection method starts with a text message that the unsuspecting user receives, asking them to download the contents of the message. When the victim clicks on the link, a file containing the Opfake.a Trojan is automatically downloaded to the smartphone or tablet.

The malicious file can only be installed if the user launches it, after which the Trojan sends additional messages to all of the user's contacts, thus infecting many more smartphones and tablets. Clicking on the link in these text messages starts the download of the Trojan Obad.a. It is a very well-organized system, as evidenced by the fact that a Russian mobile operator reported that more than 600 infected messages were identified within five hours.

Aside from mobile botnets, this highly complex Trojan is also associated with countless spam messages, which are one of the main carriers of the Obad.a Trojan. Typically, a message warns the user that he has an "unpaid debt" to one of the service providers. This acts as bait for the unsuspecting user to follow the link, which automatically downloads the Obad.a Trojan to his mobile device, where it is activated and installed once the user runs it.

The already widespread Backdoor.AndroidOS.Obad.a is also distributed through fake applications that copy the content of Google Play pages, replacing the original link with an infected one.

"In the last three months, we have identified 12 versions of the Trojan called Backdoor.AndroidOS.Obad.a. Each of these viruses used the same features and high-level code obfuscation techniques, and similarly targeted only devices running the Android operating system. As soon as we identified this malware, we informed Google, who of course closed all loopholes in Android 4.3. However, unfortunately, few new smartphones and tablets run this new version, which means that devices running older operating systems are still at risk," said Roman Unuchek, a leading antivirus expert at Kaspersky Lab.

About the Author

s3nki

Owner of the HOC.hu website. He is the author of hundreds of articles and thousands of news items. In addition to various online outlets, he has written for Chip Magazine and for PC Guru. For a time, he ran his own PC shop, working for years as a store manager, service manager, and system administrator in addition to journalism.