Android malware spotted hitching a ride on mobile botnet
Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on a separate mobile botnet and uses the resources of other malware once it's installed.
"For the first time malware is being distributed using botnets that were created using completely different mobile malware," said Kaspersky Lab expert Roman Unuchek in a report.
The culprit is a trojan called Obad.a, which the company has already branded the most sophisticated piece of mobile malware it has spotted. It comes in 12 flavors so far, and usually spreads via SMS, hacked apps websites, or in the dodgier end of the Android market scene.
Now it appears the Obad boys have teamed up with the makers of malware called Opfake.a, which uses a separate method of propagation by exploiting a flaw in Google Cloud Messaging. GCM was designed to ping out updates and fix phone settings remotely, and allows the sending of 4KB messages to anyone using a specific application.
Kaspersky have found more than a million installers of Opfake in circulation so far. The code sets up a backdoor communications channel to C&C servers, then starts pinging out premium text messages, stealing contacts, and spamming itself outwards – but now some copies are carrying Obad as an extra payload.