Everybody with a cell phone and a laptop has connected the two together to transfer a file, to root the device, or simply to browse the system in a more convenient way. People generally view this as the most secure way of transferring files, particularly since they have the hardware on their lap, as opposed to the cloud method of file transfer.
After reading this you may think again, though: a piece of malware has recently been uncovered that tries to infect an Android device connected to an infected Windows PC. This Trojan attempts to install mobile banking malware, and it works in the reverse direction to what has been seen before. Earlier Android malware attempted to infect Windows systems when the infected Android device was connected to the machine.
This new piece of malware, named Trojan.Droidpak by Symantec, works by placing a .dll file on the infected PC and then registering a new system service to ensure it persists across all system reboots.
The Trojan downloads two files from a remote server that hosts a malicious .apk file named AV-cdk.apk. It also downloads the Android Debug Bridge (ADB) command-line tool, which allows users to execute commands on Android devices connected to a PC. The Trojan has been coded to run a command that checks whether an Android device is connected to the host computer at any time. When the Trojan detects one, the malicious APK is silently installed on it.
But don't panic, people! There is a very straightforward solution to this problem. The only way the Trojan can install the APK on the Android device is if the “USB debugging” option is turned on. If you are afraid that you may be at risk, simply turn this feature off. USB debugging is normally used for development purposes, but it is also required for certain things that Android users like to do, such as rooting the operating system.
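To see whether a phone plugged into your PC is reachable in the way described above, the following added example (not from the original article) parses the output of `adb devices -l` and flags devices this PC can issue adb commands to. The sample output, serial numbers and function names are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample of `adb devices -l` output; serials and model are made up.
SAMPLE = """\
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
0123456789ABCDEF       device usb:1-1 product:sample model:Sample_Phone device:sample
FEDCBA9876543210       unauthorized usb:1-2
emulator-5554          offline
"""

# What each adb state means for the "silent APK install from the PC" scenario.
MEANING = {
    "device": "EXPOSED: USB debugging is on and this PC can run adb commands, including app installs",
    "unauthorized": "debugging is on, but the phone has not approved this PC's adb key",
    "offline": "attached but not responding to adb",
}

def parse_adb_devices(output):
    """Return [(serial, state), ...] from `adb devices` / `adb devices -l` output."""
    devices = []
    for line in output.splitlines():
        fields = line.split()
        # Skip blanks, adb daemon chatter ("* ...") and the header line.
        if len(fields) < 2 or fields[0] == "*" or line.startswith("List of devices"):
            continue
        devices.append((fields[0], fields[1]))
    return devices

def exposed_serials(output):
    """Serials this PC could install an APK on right now."""
    return [serial for serial, state in parse_adb_devices(output) if state == "device"]

def report(output):
    """One human-readable line per attached device."""
    return [f"{serial}: {MEANING.get(state, 'state ' + state)}"
            for serial, state in parse_adb_devices(output)]

if __name__ == "__main__":
    adb = shutil.which("adb")  # use the live tool when present, else the sample
    text = (subprocess.run([adb, "devices", "-l"], capture_output=True,
                           text=True, check=False).stdout if adb else SAMPLE)
    print("\n".join(report(text)) or "No devices visible to adb")
```

A phone with USB debugging turned off does not appear in this list at all, which is the state you want whenever you are not actively developing.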
This malware appears to target online banking users in South Korea. The APK itself is named Android.Fakebank.B and it uses the same icon as the Google Play Store, but it reads ‘Google App Store’. The APK also intercepts text messages received by users and sends them to a remote server, where they can be used for transaction fraud.
Don’t be fooled into thinking, “I don’t bank in South Korea so I will be OK,” as malware coders, more often than not, like to borrow each other’s code. So the best way to avoid this risk is to leave USB debugging off until you absolutely need it, and to connect your device only to a computer that you trust.