New Android Trojan app exploits previously unknown flaws - billupsthavite
A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.
Security researchers from antivirus firm Kaspersky Lab named the new malicious application Backdoor.AndroidOS.Obad.a and labeled it the most sophisticated Android Trojan program to date.
The malware is designed to send SMS messages to premium-rate numbers and allows attackers to execute rogue commands on infected devices by opening a remote shell. Attackers can use the malware to steal any kind of data stored on compromised devices or to download additional malicious applications that can be installed locally or distributed to other devices over Bluetooth.
The Obad.a Trojan program makes heavy use of encryption and code obfuscation in order to hinder analysis efforts, Kaspersky researcher Roman Unuchek said Thursday in a blog post.
An intelligent bug
"Malware writers typically try to make the codes in their creations as complex as possible, to make life more difficult for anti-malware experts," the researcher said. "However, it is rare to see concealment as advanced as Obad.a's in mobile malware."
In addition to using encryption and code obfuscation techniques, the malware also exploits previously unknown bugs in Android and third-party software, Unuchek said.
For example, the malicious application exploits an error in a piece of software called DEX2JAR that's used by malware analysts to convert Android application packages (APKs) into Java Archive (JAR) files.
"This vulnerability spotted by the cybercriminals disrupts the conversion of Dalvik bytecode into Java bytecode, which eventually complicates the statistical analysis of the Trojan," Unuchek said.
The malware also abuses a bug in the way Android processes AndroidManifest.xml files. These files are found in every application and contain information about the application's structure and launch parameters.
The Trojan program contains a specifically crafted AndroidManifest.xml that doesn't conform to Google's specification, but is still processed correctly by the Android OS, Unuchek said. This makes dynamic analysis of the malware extremely difficult, he said.
When first executed, Obad.a prompts users for device administrator privilege. Applications that gain this privilege can no longer be uninstalled through the regular apps menu until they are removed from the administrators list in the security settings menu.
The Obad.a malware exploits a previously unknown flaw in the Android OS in order to hide itself from the administrators list, leaving users unable to revoke the privilege and uninstall the app. "We have already informed Google about the Device Administrator vulnerability in Android," Unuchek said.
In addition, on rooted devices, the malware tries to gain root privileges by executing the "su id" command, said Denis Maslennikov, a senior malware analyst at Kaspersky Lab, Friday via email. Like gaining administrative privileges, gaining root access requires user permission, he said.
"Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android Trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits," Unuchek said.
The new Trojan program is distributed through SMS spam, but is not very widespread at the moment. According to detection statistics from Kaspersky Lab, installation attempts for Obad.a amounted to only 0.15 percent of the total number of malware infection attempts on mobile devices over a three-day period.
That said, Maslennikov believes that other Android malware threats will adopt advanced techniques like the ones used by this malware in the future. "We think that similar techniques are going to be more widespread very soon," he said.
Source: https://www.pcworld.com/article/452324/new-android-trojan-app-exploits-previously-unknown-flaws-researchers-say.html
Posted by: billupsthavite.blogspot.com