Android Trojan infects smartphone to launch attack on PC

Android Trojan infects smartphone to launch attack on PC

Audio files used as attack vector

Article comments

Kaspersky Lab has discovered the first ever Android malware app that appears to have been designed not to attack the host smartphone but any PCs it is subsequently connected to.

Discovered on Google Play, targeting Russian-speakers disguised as a memory-killer utility, innocent downloaders will end up with three malware files on any SD card plugged into their smartphones.

Any PC that connects to the phone while in USB emulation mode (which treats attached smartphone drives as external disks) and old enough not to disallow Windows Autorun,  will end up being hit with Backdoor.MSIL.Ssucl.a.

It’s a novel route to attack a PC but why engineer malware to do it?

Strangely, the primary purpose of the malware is to record any audio detected by the PC’s microphone, saving this to a file that is then uploaded to a server in an encrypted format.

The malware also takes complete control of the smartphone but that could be a secondary activity.

“Generally speaking, saving autorun.inf and a PE file to a flash drive is one of the most unsophisticated ways of distributing malware,” said a baffled Kaspersky Lab researcher, Victor Chebyshev.

“At the same time, doing this using a smartphone and then waiting for the smartphone to connect to a PC is a completely new attack vector.

The dependence on Autorun strong suggested that the malware was deliberately looking for victims running versions of Windows prior to 7, a declining population in countries such as the UK and US but still remarkably in former Soviet republics.

Google has removed the two apps associated with the attack from Play but not before it was downloaded by several thousand users.

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *