
Author Topic: Security Apps, Malware Race to Be First On Your Mobile  (Read 3164 times)

  • Pez
Security Apps, Malware Race to Be First On Your Mobile

In China, there is a saying: “道高一尺,魔高一丈,” meaning “The law is strong, but the outlaws are sometimes stronger.”

In the last few weeks, a new Android malware we’re calling Android/Obad.A has appeared. It uses a number of techniques that have rarely been seen before in mobile malware. Android/Obad.A requests the victim to authorize its Device Administrator privilege request and exploits a system vulnerability to hide itself from the DeviceAdmin list to avoid being uninstalled. It also uses the commercial code obfuscation tool DexGuard to make reverse engineering and analysis more difficult.

It is interesting to note that although DeviceAdmin has been used by some security applications to avoid being accidentally or intentionally uninstalled, this is the first known instance of a sophisticated malware using DeviceAdmin.

Names of Android/Obad.A classes and variables have been obfuscated to hamper analysis.

Android/Obad.A requests DeviceAdmin privilege.

In addition to those techniques, Android/Obad.A does the following:

• Collects sensitive information: IMEI (International Mobile Equipment Identity, a phone serial number), operator name, phone number, and local time

• Encrypts the information and sends it to the attacker

• Executes commands from the control server, including:

  • sending SMS messages

  • downloading another package

  • installing a package

  • accessing a certain website

  • sending the contacts information to the attacker

  • sending itself to nearby devices through Bluetooth

  • more commands

These payloads have been seen in other mobile malware since the beginning of Android attacks. However, the malware author breaks new ground in antisecurity software techniques–by attacking antimalware software.

Previously, malware has used the basic technique of deleting or uninstalling antimalware programs. Some malware looked for specific versions or particular brands of antimalware; others targeted multiple brands. Antimalware programs now have real-time scanning to prevent malware from running and deactivating them. In contrast, sophisticated malware runs its own service to detect antimalware software being installed on the device and uninstall it.

All this looks like a race between the security application and malware. Who runs faster, and who catches (detects) whom?

Unfortunately, some antimalware apps can’t remove Android/Obad.A even if they detect it–due to its DeviceAdmin privilege. An alternative way to combat Obad.A is to develop a special tool to reveal it, and then to disable its DeviceAdmin privilege and allow the antimalware product to remove it. We have recently updated our McAfee Mobile Innovations application, which has multiple features, with one to find hidden applications, including malware such as Android/Obad.A.

McAfee Mobile Innovations uninstalling Android/Obad.A.

McAfee Mobile Innovations completing the task of removing Android/Obad.A.

McAfee has a security product used in Japan that is tightly integrated with the phone. This product is given root privilege by the manufacturer/operator, so it can detect Android/Obad.A and remove it without a special tool even if the malware is authorized with DeviceAdmin privilege.

Although Obad.A is sophisticated malware, MMS can still detect and remove it while it is installing–before it’s authorized to use the DeviceAdmin privilege. So we strongly suggest Android mobile phone users install McAfee Mobile Security.

There is also another old saying in China: “魔高一尺,道高一丈,” “As vice raises one foot, virtue raises ten.” Whatever malware appear and whatever technology they use, security applications will keep them out of your device.

Original article: Friday, June 28, 2013 at 1:23pm by Michael Zhang


Re: Security Apps, Malware Race to Be First On Your Mobile
« Reply #1 on: 02. July 2013., 07:31:51 »
Copy Paste FROM:

McAfee Security Innovations
McAfee Mobile Security

Get early access to cool new security and productivity tools in beta from McAfee. McAfee® Mobile Innovations provides you with an opportunity to try out groundbreaking new features and to give us feedback on how to improve them…or ditch them altogether. The list of features will grow and evolve over time based on your feedback.

*** UPDATE ***
Now includes Hidden Device Admin Detector to detect and remove applications that are hidden from the list of device administration applications. There is known malware (Android/Obad.a) that can take advantage of this vulnerability to hide itself from the user once installed and activated. If you are infected or want to detect any apps that leverage this vulnerability, download and use this feature.

Thanx & Karma!

