According to Securelist.com, Obad.a infects in two steps along with another mobile Trojan named as TrojanSMS.AndroidOS.Opfake.a. This Trojan was noted as one of the most sophisticated Trojan by Kaspersky this May.
The infection starts when a legitimate user gets a text message with following text.
“MMS message has been delivered, download from www.otkroi.com”.
When a user click on the link, a file named mms.apk the Trojan Trojan-SMS.Andrid.Opfake.a is downloaded automatically to the smartphone. ( smartphone OS) . The use has to run it to install the malware or else it will not do it itself. If user runs the malware , the Command & Control server can instruct the infected smartphone to send out the message below to all the contacts from address book.
“You have a new MMS message, download at – hxxp://otkroi.net/12”
When a user clicks the link from the text , it loads Backdoot.Android.Obad.a under the name mms.apk or mmska.apk
T As per Kaspersky lab analysis, approx. 600 messages were sent out in 5 hours with one of the Trojan-SMS modifications. Most of the delivery was via infected devices using SMS gateways.
The interested part was, only a few devices infected with Trojan-SMS.AndroidOS.Opfake.a distributed links to Backdoor.AndroidOS.Obad.a.
As reported, there are 12 versions of Backdoor.AndroidOS.Obad and all of them had the same level of code obfuscation. Google closed out the security hole in Android 4.3 version.
Entire article can be found here
