Google Adds Detection For Obad Malware

Just a follow-up to our story from last week on Obad, the new family of mobile malware that affects Google Android devices: In an e-mail to The Security Ledger on Friday, Google acknowledged the existence of the Trojan horse program and has updated its detection tools to be able to identify it.

Android Zombies
Google says it added detection for the Obad Trojan to its Application Verification Tool to prevent infections via third party app stores.

In an e-mail, a Google spokeswoman said that the malware, dubbed “Obad” by Kaspersky Lab, was not found on the company’s Google Play application store. The company  added detection for the new malware to its Application Verification Tool, which protects Android users who tried to download it from a third-party application store or browser.

Obad, or Backdoor.AndroidOS.Obad.a, is described as a “multi function Trojan” that primarily acts as an SMS Trojan, surreptitiously sending short message service (SMS) messages to premium numbers. It was first described in a blog post by Kaspersky Lab researcher malware researcher Roman Unuchek last week.

Unuchek called the newly discovered Trojan the “most sophisticated” malicious program yet detected for Android phones. Among other things, Obad employs advanced code obfuscation techniques and leveraged a previously unknown vulnerability in Android that allowed it to elevate access permissions on Android systems, giving the malicious executable administrative access and preventing it from being removed.

Google did not respond directly to questions about the vulnerabilities in Android described by Kaspersky which could, in theory, be exploited by other malicious programs.

The news of Obad is just the latest to raise questions about the security of third-party application stores, which are the leading source of malicious mobile programs. Android devices now account for 75% of new mobile devices sold. Unlike its chief rival Apple Computer, however, Google supports third-party app stores for Android. Security experts have cautioned that Android’s decentralized application ecosystem is easier to compromise than Apple’s AppStore model, which the Cupertino company tightly controls.

The security of Android mobile devices is coming under increasing scrutiny. The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission in April  calling on the Federal Government to take action to stem an epidemic of unpatched and insecure Android mobile devices.

Spread the word!

Comments are closed.