Attackers have now set their target on android OS and they are exploiting the android vulnerability due to which attacker can easily creep into a user's phone without changing the digital signature of that app.This could get them control remotely over victim's phones that can lead to sending SMS, disabling the security of phone and stealing of data.Till now six apps of android have been detected as hijacked.
It seems that attackers have set their target on android platform which is the emerging technology for the smartphones and they are exploring each and every opportunity to exploit it.
Android.Obad and Android.Fakedefender are more sophisticated types of malwares which have been discovered on the Android.These malwares can exploit the device admin previledges
Android.Obad
It is a trojan and it exploit victim by sending messages to premium rates causing extra cost for the user.It can download malicious applications and sends them to bluetooth enabled device and remotely perform malicious actions.
How it get access to admin device
When Android.Obad launches , it force user for admin previledges and it shows the deactivated cancel button and user left with only option to activate it.
Once it gets admin access ,it goes deeper inside the system and hide itself and user is helpless and has nothing to do other than removing the application .Android.Obad malware make use of reflection codes which are not easily detectable to analyst and in addtion strings and function names are encrypted upto multiple layers of polymorphic techniques.
It exploits the following vulnerability of android
- It try to modify the AndroidManifest.xml by droppping some of its components that removes the android capability to detect malware.
- It takes admin previledge which allow it to hide from admin list.
Andriod.Fakedefender
It is also a trojan and to show itself it try to make fool of user by making use of popular icons like facebook ,twitter or skype and after getting installed on device it displays itself as Android defender.
How it get access to admin device
When Andriod.Fakedefender launches , it also repeatedly ask the user for admin previledges and without user's consent or choice it get admin previledges and after that it start notifying user about security threats and malwares that are actually not present.It also tempt the user to buy some of the apps to remove such threats and sometimes it prevent users to do anything until they make payment.
It is also dangerous as it collects useful information about user's phone details including user's credentials and send them to remote server.
Just like the Android.Obad it is also very difficult to remove Android.defender as it take on the admin previledges and change the settings and after that user is not even able to do factory reset.
So we would like to suggest all users to be alert on such application which requests for admin previledge , otherwise it would be just like as if you are broadcasting your information including personal details and credentials.
No comments:
Post a Comment