Cyber Crime First Mobile Trojan Botnets Spreading

PUNE: For the first time in the history of mobile cybercrime, a trojan is being spread using botnets controlled by other criminal groups, said a statement issued by the Kaspersky lab.

Over the last three months analysts have been investigating how the 'Obad.a' trojan, a malicious app for Android, is distributed. The criminals behind the trojan have adopted a new technique to spread their malware. It has also become clear that Obad.a is mostly found in CIS countries.

In total, 83% of attempted infections were recorded in Russia, while it was also detected on mobile devices in Ukraine, Belarus, Uzbekistan and Kazakhstan.

The most interesting distribution model saw various versions of Obad.a spread with Trojan-SMS.AndroidOS.Opfake.a. This double infection attempt starts with a text message to users, urging them to download a recently received text message. If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet, the statement said.

The malicious file can only be installed if the user then launches it; should that happen, the trojan sends further messages to all the contacts on the newly infected device. Clicking the link in these messages downloads Obad.a. It's a well-organized system: one Russian mobile network provider reported more than 600 messages containing these links within just five hours, pointing to a mass distribution. In most cases the malware was spread using devices that were already infected.

Apart from using mobile botnets, this highly complex trojan is also distributed by spam messages. This is a major carrier of the Obad.a trojan. Typically a message warning the user of unpaid 'debts' lures victims to follow a link which automatically downloads Obad.a onto the mobile device. Again, though, users must run the downloaded file in order to install the Trojan, the statement said.

"In three months we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware DeviceAdministrator rights and made it much more difficult to delete. As soon as we discovered this, we informed Google and the loophole has been closed in Android 4.3. However, only a few new smartphones and tablets run this version, and older devices running earlier versions are still under threat. Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android," said an antivirus expert at the lab.

Shared From Times Of India

Latest News

LOADING LATEST NEWS....

Loading Blog Posts...

Loading Images...

Loading Videos...

Unknown

- Unknown Updated at: Monday, September 09, 2013