Kaspersky Lab has documented the Obad trojan as the most advanced Android malware attack in circulation. Its use of encryption and command-and-control server functionality is reminiscent of how the Storm worm botnet was continuously improved by malware authors over time.
QUOTE: Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated. The file turned out to be a multi-functional Trojan, capable of the following: sending SMS to premium-rate numbers; downloading other malware programs, installing them on the infected device and/or sending them further via Bluetooth; and remotely performing commands in the console. Kaspersky Lab’s products detect this malicious program as Backdoor.AndroidOS.Obad.a.
Malware writers typically try to make the codes in their creations as complicated as possible, to make life more difficult for anti-malware experts. However, it is rare to see concealment as advanced as Obad.a’s in mobile malware. Moreover, this complete code obfuscation was not the only odd thing about the new Trojan.
The creators of Backdoor.AndroidOS.Obad.a also used yet another previously unknown error in the Android operating system. By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges. As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges. Finally, Backdoor.AndroidOS.Obad.a does not have an interface and works in background mode.