Search




The Web Techplanet4u

New Windows malware tries to infect Android devices connected to PCs

New Windows malware tries to infect Android devices connected to PCs

A new computer Trojan program attempts to install mobile banking malware on Android devices when they’re connected to infected PCs.
This method of targeting Android devices is unusual, since mobile attackers prefer social engineering and fake apps hosted on third-party app stores to distribute Android malware. We’ve seen Android malware that attempts to infect Windows systems before, for instance, downloads a malicious PE file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.

The new malware, dubbed Trojan.Droidpak, dropsa DLL file on the Windows computer and registers a new system service to ensure its persistence across reboots. It then downloads a configuration file from a remote server that contains the location of a malicious APK file called AV-cdk.apk. The Trojan program downloads the malicious APK,as well as the Android Debug Bridge (ADB) command line tool that allows users to execute commands on Android devices connected to a PC. ADB is part of the official Android software development kit (SDK).The malware executes the “adb.exe install AV-cdk.apk” command repeatedly to ensure that if an Android device is connected to the host computer at any time, the malicious APK is silently installed on it.

However, this approach has a limitation—it will work only if “USB debugging” is enabled. The malicious APK distributed by this Windows malware is detected by Symantec as Android. Fakebank.B and masquerades as the official Google Play application. Once installed on a device, it uses the name “Google App Store” and the same icon as the legitimate Google Play app.

The malicious APK actually looks for certain onlinebanking applications on the compromised device and, if found, prompts users to delete them and install malicious versions. It also intercepts SMS messages received by the user and sends them a remote server.

It's advised that users turn off the USB debugging feature on their Android devices when not it’s not needed and to be wary of connecting their mobile devices to computers they don’t trust.

No comments:

Post a Comment