Obad.a: First ever Trojan Affecting Mobiles, Spreading via Botnets

Kaspersky labs had issued a statement saying that a Trojan called ‘Obad.a‘ have been detected in the recent months, which targets mobile devices and is the first ever to be reported. Its being spread in the form of an Android app and massive attacks have been reported mostly from CIS countries.

Kaspersky labs specialists have been analyzing how the malicious Android app ‘Obad.a’ Trojan, for over a quarter of this year. Eighty Three percent of attempted infections were recorded in Russia, also experts detected it on devices in Ukraine, Belarus, Uzbekistan & Kazakhstan.

One version of ‘Obad.a’ Trojan spreads with another Trojan ‘SMS.AndroidOS.Opfake.a‘. This infection attempt starts with a text message to users with a web link, asking to download a recently received text message. If clicked, a file containing Opfake.a will be downloaded automatically to the device.

[advt]Anyhow, the file will not be installed if the user does not launch it. If they did, then the Trojan sends messages to all the contacts on the infected device. Clicking the link in these messages downloads ‘Obad.a’. One Russian mobile network provider reported more than 600 messages containing these links within just five hours.

Apart from using mobile botnets, this Trojan is also distributed by spam messages. This is a major carrier of the Obad.a Trojan. Typically a warning message with a link to the user, reminding about unpaid ‘debts’ and if they click the link Obad.a will be downloaded automatically on the mobile device.