Denis Konopiský

18 June 2013

Android:Obad - malware gets smarter - so does AVAST


If you have had the privilege of meeting Android:Obad, which Kaspersky earlier reported to be the “most sophisticated Android malware,” you are in a really bad situation, and this will probably be the moment you’ll refer to in the future as “The time I learned the hard way what better-safe-than-sorry means.” A few days ago we identified a new variant of that threat. There is a chance you bumped into this bad guy before we started detecting it, because if our generic detections don't catch the malware, there is always a short delay before it gets to us. In most cases, it isn't a problem to get rid of a malicious app - you just uninstall it after you find it. This time, that won’t work.

The problem we are facing here is called “Device administrator.” After you launch an app infected with Android:Obad, you will be asked to make the app the current device administrator, which is only a few buttons away, so it isn't hard to do. After you do so, there is no way back, because this piece of malware uses a previously unknown vulnerability that allows it to get deeper into the system and hide itself from the device administrator list - the only place where you can manage device administrators. You also won't be able to uninstall the app via Settings, because all the buttons will be grayed out and will not function.


A factory reset is certainly one of the solutions, but lucky for you, avast! Mobile Security will save you from doing one and losing your data. Don’t worry, you are safe with us. With the latest update of avast! Mobile Security, we assure you that even powerful Trojans like Android:Obad will be defeated, with fire if necessary. So, when you meet malware that utilizes device administrator features, keep in mind - avast! Mobile Security is what you need in order to get rid of it. First, you will see the good old warning that some application has been reported as malware (first picture), or you will see the test report that tells you that some applications are malicious.


Go ahead and click “Resolve all” to solve all problems, or click on the one you want to solve and then select “Uninstall.” Next, you will see a dialog titled “Device administrator” that asks you to deactivate the device administrator permission for the malicious app you are trying to uninstall.


Click “Deactivate” and let avast! Mobile Security do what needs to be done, using techniques that will involve some fire. Don’t worry though; the only thing that will be on fire is the malicious app, which surely deserves such an ending.


The very last thing that needs to be done is to click OK on the next screen, followed by another OK after the app has been uninstalled. All is done and you’re safe again.

Bad guys are trying every day to make more evil malware, and they are moving forward, but so are we, making our protection stronger. We keep up with malware - avast! Mobile Security is probably the only antimalware application that comes with the ability to clean Android:Obad and similar malware. So, as always, the point here is that you should only use Google Play when you’re hunting for apps. You can get our avast! Mobile Security from Google Play as well.

This statement is true. Better safe than sorry.

Additional information:

VirusTotal report for newly identified sample (7 / 47)

VirusTotal report for previously discovered sample (16 / 46)
