It looks like there is a new Android Trojan around, one that is totally different from the malware we've seen so far. The Trojan is highly complex and is capable of performing a large number of malicious actions, according to Securelist.
The Trojan is called Backdoor.AndroidOS.Obad.a, and it's actually more similar to the threats meant for Windows. This new threat utilizes various exploits, some of them quite new to the security researchers who work for Kaspersky, the company that found the new malware.
Once it gets installed on an Android device, Obad.a can perform a wide range of tasks, and it seems that it can't be removed because it does not even have an interface, acting stealthily in the background. This is very serious, as the user of the device will have no idea that they are using a malicious application.
Obad.a is encrypted, and requires an internet connection for it to install and cause damage. However, once the Trojan gets installed, it will have full access to the Android device as administrator, and it will also gain root privileges. The bad thing is that the Trojan won't appear in the list of applications that have these kinds of powers.
According to Kaspersky, there are many malicious actions that Obad.a is capable of, such as: act as a proxy (it can send data to a certain address and report the response); PING; send text messages; send files to remote Bluetooth devices; get the account balance through USSD; connect to a certain address; download a file from the server and install it; send a list of the apps installed on the handset to the server; Remote Shell (it can execute commands in the console, as set by the cybercriminal); and, probably most important, the malware can send personal information to the server.
The bad thing is that the malware is very hard to detect, as it arrives encrypted before it gets installed on the handset, and because it exploits only specific vulnerabilities. Nevertheless, in spite of the fact that it's very complex and dangerous at the same time, the Obad.a Trojan is not widespread. It seems that only a few devices have been infected, with many of the devices being located in Russia. Meanwhile, no one knows who created the malware and why.
Moreover, it looks like the malicious application is downloaded from an unknown source, as there is no connection between it and Google's Play Store. However, Google is aware of its existence and of the vulnerability it uses. If the Trojan gets repackaged into applications that seem harmless and that are available on Google Play, imagine how widely it can spread.
That's why we recommend that you be very cautious when downloading Android applications, no matter the source (except for the highly popular ones developed by known companies). If you are careful when installing software on your mobile devices, you won't have to deal with malware like this one. Also, you can use various security apps that can help protect your handset, but if you download only apps that you are certain are safe, you won't experience any problems whatsoever.