View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Trend Micro detects advanced Android malware

The new malware is believed to be developed by the same malware authors behind ANDROIDOS_JIFAKE.

By CBR Staff Writer

Security firm Trend Micro has spotted an advanced Android malware called ANDROIDOS_OBAD that is said to be equipped to avoid being uninstalled from devices and triggers more malicious code.

ANDROIDOS_OBAD is believed to have been developed by the same malware authors behind ANDROIDOS_JIFAKE.

According to Trend Micro, the new malware family has general stealth and anti-reverse procedure for both normal users and security researchers.

Following installation, it seeks root privileges and activates the device administrator, while the ANDROIDOS_OBAD’s gaining root privilege assists the malware in assuming complete control of the device and offers complete access to the hacker.

The malware is also capable of hiding the launcher, and run as a background service with the highest priority; automatically launch Wi-Fi connections and connect to remote server (https://www.{BLOCKED}; gather user’s contacts, call log, SMS inbox and installed apps; download, install and uninstall apps; and distribute malware to other phones through Bluetooth.

Trend Micro Mobile Threats analyst Veo Zhang said that ANDROIDOS_OBAD shares similar features with that of its predecessor ANDROIDOS_JIFAKE.

"The latter is a fake app installer that tricks user into installing and executing them, after which it will silently register as a service connecting to remote servers as it waits for commands," Zhang said.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"The remote server can then trigger sending premium text messages and do the same ‘anti-uninstall’ tricks."

If users want to uninstall the device application app, they have to disable under Settings->Security->Device Administrators, while an unpublished Android vulnerability can be exploited to cover the deactivation option.

Further, users are forced to enable the malware as device admin app with no way to disable it.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.