Security firm Trend Micro has spotted an advanced Android malware called ANDROIDOS_OBAD that is said to be equipped to avoid being uninstalled from devices and triggers more malicious code.
ANDROIDOS_OBAD is believed to have been developed by the same malware authors behind ANDROIDOS_JIFAKE.
According to Trend Micro, the new malware family has general stealth and anti-reverse procedure for both normal users and security researchers.
Following installation, it seeks root privileges and activates the device administrator, while the ANDROIDOS_OBAD’s gaining root privilege assists the malware in assuming complete control of the device and offers complete access to the hacker.
The malware is also capable of hiding the launcher, and run as a background service with the highest priority; automatically launch Wi-Fi connections and connect to remote server (http://www.{BLOCKED}ofox.com/load.php); gather user’s contacts, call log, SMS inbox and installed apps; download, install and uninstall apps; and distribute malware to other phones through Bluetooth.
Trend Micro Mobile Threats analyst Veo Zhang said that ANDROIDOS_OBAD shares similar features with that of its predecessor ANDROIDOS_JIFAKE.
"The latter is a fake app installer that tricks user into installing and executing them, after which it will silently register as a service connecting to remote servers as it waits for commands," Zhang said.
"The remote server can then trigger sending premium text messages and do the same ‘anti-uninstall’ tricks."
If users want to uninstall the device application app, they have to disable under Settings->Security->Device Administrators, while an unpublished Android vulnerability can be exploited to cover the deactivation option.
Further, users are forced to enable the malware as device admin app with no way to disable it.
