The Obad.a Android Trojan first analysed by Kaspersky Lab in June has turned out to have an innovative and predatory ability to piggyback on botnets controlled by third-party criminal networks.
This behaviour was spotted when the firm noticed that smartphones that had been infected with the hugely successful but apparently unrelated Opfake.a Trojan were being used as a launching pad for Obad.a to send malicious links to everyone in that victim's address book.
According to Kaspersky, the malware was also being spread via convincing-looking copies of the Google Play store as well as a campaign of mobile spam. Someone wants to get Obad.a on to as many Android devices as possible.
So far, they've been successful in Russia with a smaller number of infections in nearby republics such as Ukraine, Belarus, Uzbekistan and Kazakhstan. One Russian mobile network had detected 600 of Obad's spam messages in a matter of hours, suggesting that its piggyback tactic was working, Kaspersky said.
"In three months we discovered 12 versions of Backdoor.AndroidOS.Obad.a. All of them had the same function set and a high level of code obfuscation, and each used an Android OS vulnerability that gives the malware DeviceAdministrator rights and made it much more difficult to delete," observed Kaspersky researcher, Roman Unuchek.
The vulnerability in question had been closed in Android 4.3 which meant that large numbers of devices not running this version remained vulnerable, he added.
"Obad.a, which uses a large number of unpublished vulnerabilities, is more like Windows malware than other Trojans for Android."
Although Obad.a is at core just another SMS fraud Trojan targeting Russian Android users, its complexity and innovation has surprised researchers. As well as exploiting flaws in Android, it has been designed to download secondary capabilities as it pleases.
Last month, research by Lookout Mobile Security reckoned that the Russian criminals sector dedicated to creating mobile SMS fraud apps could be controlled by as few as 10 organisations.
Sign up for CIO Asia eNewsletters.