ANDROIDOS_OBAD.A
Information Stealer, Premium Service Abuser, Click Fraud, Malicious Downloader, Spying Tool
Android OS
Threat Type: Backdoor
Destructiveness: Yes
Encrypted:
In the wild: Yes
OVERVIEW
This Android malware installs itself as an administrator and uses a vulnerability found in Android.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor may be downloaded from app stores/third party app stores.
TECHNICAL DETAILS
Arrival Details
This backdoor may be downloaded from app stores/third party app stores.
Other Details
This backdoor connects to the following possibly malicious URL:
- http://www.{BLOCKED}ox.com/load.php
NOTES:
This malware disguises itself as Device Administrator app and root app.
Users cannot cancel the app's message prompt, even back to home screen. It repeatedly shows a message prompt, specially after device reboot.
If user chooses to activate the Device Administrator, the malware runs in stealth mode. Users cannot find it in Device Administrator list and uninstall it.
It executes the following routines in the background:
- Distributes malware via Bluetooth
- Downloads, installs and uninstalls packages (with root priviliges this can be done silently)
- Gathers user’s contacts, call logs, SMS inbox and installed apps
- Hides launcher, which runs in the background service and set to highest priority
- Opens Wi-Fi connections and connects to remote server
SOLUTION
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Did this description help? Tell us how we did.