ANDROIDOS_OBAD.A

 Analysis by: Veo Zhang

 THREAT SUBTYPE:

Information Stealer, Premium Service Abuser, Click Fraud, Malicious Downloader, Spying Tool

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Backdoor

  • Destructiveness: Yes

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Android malware installs itself as an administrator and uses a vulnerability found in Android.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

This backdoor may be downloaded from app stores or third-party app stores.

  TECHNICAL DETAILS

File Size:

243828 bytes

File Type:

DEX

Memory Resident:

Yes

Initial Samples Received Date:

30 May 2013

Payload:

Compromises system security, Steals information

Arrival Details

This backdoor may be downloaded from app stores or third-party app stores.

Other Details

This backdoor connects to the following possibly malicious URL:

  • http://www.{BLOCKED}ox.com/load.php

NOTES:

This malware disguises itself as a Device Administrator app and a root app.

Users cannot dismiss the app's message prompt, even by returning to the home screen. The prompt is shown repeatedly, especially after a device reboot.

If the user chooses to activate the Device Administrator, the malware runs in stealth mode. Users cannot find it in the Device Administrator list or uninstall it.

It executes the following routines in the background:

  • Distributes malware via Bluetooth
  • Downloads, installs and uninstalls packages (with root privileges this can be done silently)
  • Gathers the user's contacts, call logs, SMS inbox and installed apps
  • Hides its launcher and runs as a background service that is set to the highest priority
  • Opens Wi-Fi connections and connects to remote server

  SOLUTION

Minimum Scan Engine:

9.300

TMMS Pattern File:

1.483.00

TMMS Pattern Date:

03 Jun 2013

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.
