The most sophisticated Android Trojan
Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated.
The file turned out to be a multi-functional Trojan, capable of the following: sending SMS to premium-rate numbers; downloading other malware programs, installing them on the infected device and/or sending them further via Bluetooth; and remotely performing commands in the console. Now, Kaspersky Lab-s products detect this malicious program as Backdoor.AndroidOS.Obad.a.
Malware writers typically try to make the codes in their creations as complicated as possible, to make life more difficult for anti-malware experts. However, it is rare to see concealment as advanced as Odad.a-s in mobile malware. Moreover, this complete code obfuscation was not the only odd thing about the new Trojan.
The Trojan-s quirks
The creators of Backdoor.AndroidOS.Obad.a found an error in the popular DEX2JAR software v this program is typically used by analysts to convert APK files into the more convenient Java Archive (JAR) format. This vulnerability spotted by the cybercriminals disrupts the conversion of Dalvik bytecode into Java bytecode, which eventually complicates the statistic analysis of the Trojan.