Obad.a Trojan now being distributed via mobile botnets
In late May we reported on the details of Backdoor.AndroidOS.Obad.a, the most sophisticated mobile Trojan to date. At the time we had almost no information about how this piece of malware gets onto mobile devices. We have since been examining how the Trojan is distributed and discovered that the malware owners have developed a technique which we have never encountered before. For the first time malware is being distributed using botnets that were created using completely different mobile malware.
So far we have discovered four basic methods used to distribute different versions of Backdoor.AndroidOS.Obad.a.
The most interesting of these methods were the ones where Obad.a was distributed along with another mobile Trojan – SMS.AndroidOS.Opfake.a. This was recently described in the blog post "GCM in malicious attachments". The double infection attempt starts when a user gets a text message containing the following text: