A new PC virus attempts to install mobile banking malware on Android devices when they’re connected to infected PCs, according to researchers at Symantec. This method is one of the most unusual the researchers have seen, since attackers usually prefer to distribute malware through fake apps, normally hosted on third-party app stores, which is easy since you’re able to download virtually anything to your Android device, given the right apps.
“We’ve seen Android malware that attempts to infect Windows systems before, Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.”
But what the researchers have come across is something entirely different: a Windows virus that attempts to infect Android devices. The new malware, named Trojan.Droidpak by Symantec, leaves a DLL file on the PC and registers a new system service so that it is still there when Windows reboots. It then downloads a file from a remote server which contains the location of a malicious APK file called AV-cdk.apk.
The malware then runs the installation command repeatedly to ensure that whenever an Android device is connected, the APK can be installed silently. It does have its limitations, though: if the “USB Debugging” option is turned off on the device, this process will not work. The malware disguises itself as the Google App Store app and even uses the same icon.
“The malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions, it also intercepts SMS messages received by the user and sends them to a remote server.”
Liu now advises users who own an Android device to turn off the USB debugging feature when it’s not needed and to be careful when connecting their device to a PC they don’t trust.