Kaspersky Labs has announced the discovery of what it is calling the "most sophisticated" Android trojan yet. Kaspersky identifies the trojan as "Backdoor.AndroidOS.Obad.a" and notes that the trojan is capable of many different functions with the added ability to be extremely hard to remove.
Obad.a is capable of sending SMS to premium-rate numbers, downloading other malware, sending malware over Bluetooth, and remote console commands. Obad.a makes use of code obfuscation and several previously undiscovered security holes in Android to make itself hard to remove or analyze.
Once it gains Device Administrator privileges, it's nearly impossible to remove:
One feature of this Trojan is that the malicious application cannot be deleted once it has gained administrator privileges: by exploiting a previously unknown Android vulnerability, the malicious application enjoys extended privileges, but is not listed as an application with Device Administrator privileges.
Google has been informed by Kaspersky of the various security holes discovered and the security company notes that the trojan only amounts to 0.15 percent of all malware infection attempts, making it a rather minor threat for now.