How to Remove New Hidden Android Malware

Device Admin Risk [London, UK] Back in early June, Symantec’s Security Response team discovered a new piece of particularly nasty Android malware, named Android.Obad. As our unique Alert Card explained when the threat was revealed, this Trojan is capable of stealing information from Android devices and downloading files to your handset. It also sends SMS messages to premium-rate numbers, and can spread malware to Bluetooth-enabled devices.

The malware hides itself in innocent-looking apps, and once installed, it asks users to give permission for administrative privileges – but the real concern here is that it’s able to remain unseen in the Device Administrators list on your handset. This means that using normal methods, Android users will be unable to uninstall the app – as its admin privileges need to be deactivated prior to an uninstall option being accessible. This sneaky trick of the cyber-fraudsters ensures that the app is likely to remain unnoticed on the device for longer, allowing the malware to manage the device remotely.

Exploiting a previously-unknown vulnerability in the Android operating system to conceal itself in the Device Admin list, once the malware is present it’s free to wreak havoc, potentially sending premium SMS messages, downloading further malware and spreading to other devices that are connected via Bluetooth to the infected device. Arguably of most concern out of these consequences, is the possibility that users will be left with phone bills running to hundreds or thousands of dollars, if their device is used to send premium SMS messages remotely.

It’s recommended that users download and install a fix in order to check whether they have become infected with the malware, however at the time of writing there is limited support available from device manufacturers or the security industry for this issue.

Fortunately, Norton Halt – Symantec’s first-responder ‘fix’ tool for Android threats – includes a new, unique feature that scans and reveals any apps that have hidden their own presence in the Device Administrator list. After installing and running the scan from within Norton Halt, users should deactivate any apps that are revealed to be hiding their device admin privileges. Once the app has been deactivated, users can then uninstall the app in the usual manner from the Settings -> Application Manager menu.

As always, we recommend that smartphone and tablet users pay close attention to the permissions each app is requesting on installation, that apps are only installed from legitimate app stores, and to be cautious when installing apps from unknown app developers. To maintain your privacy, it’s increasingly important to install an up-to-date security app on your Android handset, such as Norton Mobile Security.

Prior to installing new apps on your device, check the AppView library on, or search for your intended app in our new Security Score widget.

image description

New Android Threat poses risk to App Signatures

image description

How to Manage Privacy Settings In Windows Phone 8