Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.


Mobile malware targets Android with criminal botnets

20 September 2013, 22:35 Duncan Alfreds

Cape Town - A security company has revealed what it claims is the first case of a Trojan malware being spread by collaborating criminal groups.

Kaspersky Lab said that Obad.a, malware that targets Android powered devices, was being distributed by botnets controlled by other criminal groups.

A botnet is a collection of infected computers controlled by a hacker or group. In many cases, user behaviour is exploited, resulting in a computer being infected with malware and leading it to become part of such a network.

"In total, 83% of attempted infections were recorded in Russia, while it was also detected on mobile devices in Ukraine, Belarus, Uzbekistan and Kazakhstan," Kapersky said, indicating that the infections are, for the moment, limited mainly to Eastern European countries.

The company explained how the infection likely occurs.


"The most interesting distribution model saw various versions of Obad.a spread with Trojan-SMS.AndroidOS.Opfake.a. This double infection attempt starts with a text message to users, urging them to download a recently received text message. If the victim clicks the link, a file containing Opfake.a is automatically downloaded onto the smartphone or tablet."

The malware then sends messages to all the user's contacts urging them to repeat the process.

A related scam involves sending spam. Users are tricked into following a link claiming an unpaid debt and download the malware on the device.

As Android powered devices begin to make up the operating system on most mobiles, criminals have moved swiftly to exploit user ignorance to compromise the smart devices.

The Backdoor. AndroidOS.Obad.a malware is also able to create a fraudulent Google Play Store storefront, complete with copies of the content, but that contain malicious links.

Google Play Store

"When legitimate sites are cracked and users are redirected to dangerous ones, Obad.a exclusively targets mobile users - if potential victims enter the site from a home computer nothing happens, but smartphones and tablets of any operation system could be redirected to those fake sites (although only Android users are at risk)," said Kaspersky.

The security company said that the code was spreading especially to devices running older versions of Android.

Latest version

"In three months we discovered 12 versions of Backdoor. AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware Device Administrator rights and made it much more difficult to delete," said Roman Unuchek, antivirus expert at Kaspersky Lab.

The company informed Google and the vulnerability has been closed for versions of Android 4.3, but Unuchek said that only a small percentage of devices had the latest version of the OS.

"However, only a few new smartphones and tablets run this version, and older devices running earlier versions are still under threat. Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android."

- Follow Duncan on Twitter

- News24


Read News24’s Comments Policy

Comment on this story
Comments have been closed for this article.

Read more from our Users

Submitted by
Wilson Ochieng
ODM MP chased down by angry Kibra...

Kibra MP Ken Okoth had a hard time in his constituency after angry youth pelted him with stones. Read more...

Submitted by
Wilson Ochieng
Prepare for DP Ruto fight in 2022...

An MP has warned that the Kalenjin Community will not stand back and watch as DP Ruto is duped ahead of the 2022 polls. Read more...

Submitted by
William Korir
Be careful who you deal with, DP ...

Watch out for your political future, DP William Ruto has been warned. Read more...

Submitted by
William Korir
Kikuyu 2022 vote will go to Peter...

The 2022 Kikuyu vote will go to Peter Kenneth, a Rift Valley Governor has warned DP William Ruto. Read more...

Submitted by
William Korir
CORD threatens to boycott 2017 po...

The CORD Coalition says that it will be forced to boycott the 2017 elections if there is no new voter register in place by the time. Read more...

Submitted by
Wilson Ochieng
Disgraced Jeptoo stripped of 2014...

Organizers of the Boston Marathon are stripping Kenyan runner Rita Jeptoo of her 2014 victory as part of the athlete's newly extended doping ban. Read more...