
June 17th, 2013

Android:Obad – malware gets smarter – so does AVAST


If you had the privilege to meet Android:Obad, which Kaspersky earlier reported to be the “most sophisticated Android malware,” you are in a really bad situation, and this will probably be the moment you’ll refer to in the future as “The time I learned the hard way what better-safe-than-sorry means.” A few days ago we identified a new variant of that threat. There is a chance you bumped into this bad guy before we started detecting it, because if our generic detections don’t catch the malware, there is always a short delay before it gets to us. In most cases, it isn’t a problem to get rid of a malicious app – you just uninstall it after you find it. This time, that won’t work.

The problem we are facing here is called “Device administrator.” After you launch an app infected with Android:Obad, you will be asked to make the app the current device administrator, which is only a few buttons away, so it isn’t hard to do. After you do so, there is no way back, because this piece of malware uses a previously unknown vulnerability which allows it to get deeper into the system and hide itself from the device administrator list – the only place you can manage device administrators. You also won’t be able to uninstall the app via Settings, because all the buttons will be grayed out and will not function.
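A defender-side check for the situation described above, as an added example that is not from the original post or from avast!: it lists the device administrators the policy service reports and flags any whose package is not expected. It assumes the `dumpsys device_policy` text layout of Android 4.x and that the service dump still includes an admin the Settings list omits; the sample dump and package names are constructed.

```shell
#!/bin/sh
# Added example, not Avast code: list enabled device administrators from
# `dumpsys device_policy` text and flag any whose package is unexpected.

# Constructed sample; the layout is an assumption based on Android 4.x
# output and the component names are invented.
sample_dump() {
cat <<'EOF'
Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    com.example.antitheft/.AdminReceiver:
      uid=10071
      passwordQuality=0x0
    com.example.wallpaper/com.example.wallpaper.Sys:
      uid=10093
      passwordQuality=0x0
  mPasswordOwner=-1
EOF
}

# Read a dump on stdin, print one "package/receiver" per enabled admin.
list_device_admins() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF from adb
    /Enabled Device Admins/ { in_list = 1; next }
    in_list && /^  [^ ]/    { in_list = 0 } # next top-level field ends it
    in_list && /^ +[A-Za-z0-9_.]+\/[A-Za-z0-9_.$]+: *$/ {
      gsub(/^ +|: *$/, "")                  # strip indent and trailing colon
      print
    }
  '
}

# $1 = space-separated allowlist of package names; prints the rest.
unexpected_admins() {
  allow=" $1 "
  list_device_admins | while IFS= read -r comp; do
    case "$allow" in
      *" ${comp%%/*} "*) ;;                 # package is expected
      *) printf '%s\n' "$comp" ;;
    esac
  done
}

# Live use (assumes adb and USB debugging):
#   adb shell dumpsys device_policy | unexpected_admins "com.example.antitheft"
sample_dump | unexpected_admins "com.example.antitheft"
```

Any component this prints that you did not knowingly grant the role to deserves a closer look, whether or not it appears in the Settings list.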


Lucky for you, avast! Mobile Security will save you from doing a factory reset and losing your data, which certainly is one of the solutions. But don’t worry, you are safe with us. With the latest update of avast! Mobile Security, we assure you that even powerful Trojans like Android:Obad will be defeated, with fire if necessary. So, when you meet malware that utilizes device administrator features, keep in mind – avast! Mobile Security is what you need in order to get rid of it. First, you will see the good old warning that some application has been reported as malware (first picture), or you will see the test report that tells you that some applications are malicious.


Go ahead and click “Resolve all” to solve all problems, or click on the one you want to solve, then select “Uninstall.” Next, you will see a dialog titled “Device administrator” that asks you to deactivate the device administrator permission for the malicious app you are trying to uninstall.


Click “Deactivate” and let avast! Mobile Security do what needs to be done, using techniques that will involve some fire. Don’t worry though; the only thing that will be on fire is the malicious app, which surely deserves such an ending.


The very last thing that needs to be done is to click OK on the next screen, followed by another OK after the app has been uninstalled. All is done and you’re safe again.

Bad guys are trying every day to make more evil malware and they are moving forward, but so are we, making our protection stronger. We keep up with malware – avast! Mobile Security is probably the only antimalware application that comes with the ability to clean Android:Obad and similar malware. So, as always, the point here is that you should only use Google Play when you’re hunting for apps. You can get our avast! Mobile Security from Google Play as well.

This statement is true. Better safe than sorry.

Additional information:

VirusTotal report for newly identified sample (7 / 47)

VirusTotal report for previously discovered sample (16 / 46)

  1. rahimali
    June 18th, 2013 at 07:46 | #1

    don’t you have to be rooted in order to allow device administrator access?

    (sorry been rooted so long dunno what unrooted can/can’t do)

  2. June 18th, 2013 at 08:27 | #2

    @rahimali
    No, ‘device administrator’ is a special role that exists even on non-rooted phones. Usually it is used by remote management/anti-theft applications.

  3. Denis Konopiský
    June 18th, 2013 at 09:07 | #3

    @rahimali: no you don’t have to be rooted, that’s even in stock android. @chocholo is right

  4. rahimali
    June 18th, 2013 at 09:12 | #4

    Thanks!

  5. wastlwand
    June 19th, 2013 at 15:03 | #5

    Hey guys, I think I caught the Obad trojan on my Galaxy Tab. I did a factory reset but I read that this wouldn’t solve the problem. What is true now and what should I do next? Thanks in advance for your help!

  6. Denis Konopiský
    June 19th, 2013 at 15:52 | #6

    @wastlwand
    Hi. Factory reset will delete the trojan since it’s stored on the /data partition, that gets wiped. This is the truth. If you’re not sure whether your device is clean or still infected, scan it with avast! mobile security and you will see. If it’s still infected with Obad, please contact me directly at konopisky@avast.com.

  7. wastlwand
    June 19th, 2013 at 20:43 | #7

    Hi Dennis, thanks a lot for your quick reply. I’m relieved. Will try it out and get back to you in case it’s still infected. Cheers!

  8. wastlwand
    June 19th, 2013 at 20:44 | #8

    Sorry, spelled your name wrong. So once again: thanks, Denis!

  9. Denis Konopiský
    June 20th, 2013 at 07:06 | #9

    @wastlwand
    Hi, you’re welcome. And no problem, it happens a lot ;)
