Online security firm Kaspersky has reported about what they claim as the “most sophisticated” Android malware yet. The trojan, which Kaspersky identified as “Backdoor.AndroidOS.Obad.a,” has the ability to send text messages to premium-rate phone numbers and even other malware into the infected device. This newly-discovered malware (let’s call it Obad for short) can even send other malicious software to other devices through Bluetooth and perform commands remotely in the console.
Kaspersky also says that Obad Android malware conceals itself extremely well using code obfuscation, so casual Android users would not be able to find where the malware is stored. It also exploits a number of previously unreported security loopholes in Android, making it very difficult to analyze.
Once Obad is installed onto a device, it immediately attempts to obtain Device Administrator privileges. If the trojan succeeds, this is when the nightmare starts.
“One feature of this Trojan is that the malicious application cannot be deleted once it has gained administrator privileges,” Kaspersky’s lab expert Roman Unuchek said in a statement. “By exploiting a previously unknown Android vulnerability, the malicious application enjoys extended privileges, but is not listed as an application with Device Administrator privileges.”
Spokespersons for Kaspersky have said the firm has already informed Google about the security loophole in question.
On the good side, the newly-discovered Android malware is not yet widespread, with no more than 0.15 percent of all malware infection attempts on mobile devices, according to Kaspersky.