Besides installing itself and allowing remote attackers full access to the device, Obad downloads additional malware to the target device, runs up phone charges by sending SMS messages to premium-rate services, and spreads malicious files to other devices via Wi-Fi or Bluetooth connections.
It appears that the app can only infect devices which have been configured to allow apps to install from third-party sources.
Dan Goodin reports that Google has updated functionality to detect the malware and provide a warning to users when it is downloaded from an app source or browser.
Some security experts have warned of the danger posed by attackers who compromise a trusted developer's credentials and use them to upload malware to trusted download sites.
Fortunately, the attack does not appear to be widespread yet, based on analysis by Kaspersky.
No comments:
Post a Comment