“Most sophisticated Android malware ever” using other Android botnets to spread
For the first time, mobile malware has been spreading with the help of non-related botnets, according to researchers.
The Obad malware, which was described as the most sophisticated malicious Android software ever in June, is spreading with the assistance of the Opfake Trojan, security experts from Kaspersky discovered.
Android malware combining
Opfake is delivered via SMS messages, which ask the user to click on a link to access an MMS message. Once clicked, the malware is downloaded onto the victim’s device. The command and control server running that can then order the infected phone to send messages to all contacts containing a link to Obad.
Kaspersky came across the unusual activity after a leading Russian mobile operator saw 600 messages containing Opfake links sent across its network over a five-hour period.
The security firm concluded the Obad controllers had rented part of a mobile botnet to spread their nasty software.
“That means that the owners of Backdoor.AndroidOS.Obad.a not only command their own software to spread itself, they also take advantage of Trojans operated by other cyber criminals,” said Roman Unuchek, Kaspersky Lab Expert, in a blog post.
Obad has been exploiting a flaw in Android, which was closed in Android 4.3. “Unfortunately, this version is currently available on a limited number of new smartphones and tablets – devices which use earlier versions of the platform are still at risk,” Unuchek added.
The malware sends text messages to premium rate numbers to earn money for the crooks without the user knowing it. Obad can also download additional malware and even send it to other phones via Bluetooth.
What do you know about Internet security? Find out with our quiz!