Bitdefender has introduced a new feature in its mobile security offering, following the discovery of the Obad trojan, which takes device admin privileges but afterwards won’t let go. Obad has been called the most complex Android trojan to date and, indeed, according to Bitdefender researchers even discovering how it works was a bit of a challenge, requiring some “brainstorming” on the part of the analysis team.
The code is highly obfuscated, way more so than what we’ve seen with other Android trojans to date.
However the biggest problem the team faced was removal – Obad was using a previously unknown vulnerability to avoid relinquishing device admin status. In the end, Bitdefender developed and added code which makes possible the removal of any third party app.
Fortunately, Obad trojan was not spread using Google’s software market, but is present in some third-party public markets. In the past 30 days, most Obad instances were detected and cleaned by Bitdefender sofware in the Phillipines, China and India.