Gone are the days when only downloading from Google Play was enough to stay safe. Anti-virus and security company Symantec has released details of a new piece of Windows malware that tries to infect Android devices when they are plugged into a compromised PC.
The new malware, called Trojan.Droidpak, installs itself as a system service on a Windows PC and then downloads a malicious banking .apk file. It will also probably download the Android debugging tool ADB. Once ADB is installed, the malware waits for an Android device to be connected and then installs the banking trojan via sideloading. The good news is that USB debugging needs to be enabled on the Android device for this to work.
The malicious Android app is a variant of Android.Fakebank.B and installs itself as a clone of the Google Play Store. It will then look for certain Korean online banking apps and prompt the user to delete them and install malicious versions from the fake Play Store. The malicious app can also intercept SMS messages and forward them on to a server that is undoubtedly used to help bypass the SMS authentication systems used by the banks.
Although the currently active versions of this malware target Korean banks, the same setup could be used to sideload a huge variety of malware that targets banks all around the world, or to sideload other types of malware such as premium-rate SMS apps.
There are, of course, practical steps that can be taken to mitigate the risk. First, only enable USB debugging when necessary. Second, exercise caution when connecting your device to an unfamiliar PC. Third, make sure you have good anti-virus software on your Windows PC. Lastly, you should also consider using an anti-malware app on your Android device. Since many of these are free, they will offer an extra layer of protection against infections like this one.
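
For defenders monitoring Windows endpoints, the behaviour described above (a service that runs ADB to sideload an .apk) can be triaged from process-creation logs. The following is an added example, not code from Symantec or the original article: the event field names follow Sysmon Event ID 1, and the approved SDK directory, the sample events and every path in them are constructed placeholders, since the article gives no file paths.

```python
import ntpath

# Assumption: directories where a legitimate adb.exe is expected on this fleet.
APPROVED_ADB_DIRS = (r"c:\android\sdk\platform-tools",)

# Constructed process-creation events (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Android\sdk\platform-tools\adb.exe",
     "CommandLine": r"adb.exe devices",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "User": r"CORP\dev1"},
    {"Image": r"C:\ProgramData\example-placeholder\adb.exe",
     "CommandLine": r"adb.exe install C:\ProgramData\example-placeholder\app.apk",
     "ParentImage": r"C:\ProgramData\example-placeholder\svc.exe",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Android\sdk\platform-tools\adb.exe",
     "CommandLine": r"adb.exe -s emulator-5554 install build\debug.apk",
     "ParentImage": r"C:\Program Files\IDE\studio.exe", "User": r"CORP\dev1"},
]

def score_event(ev):
    """Return the reasons an adb.exe launch looks like unattended sideloading."""
    if ntpath.basename(ev["Image"]).lower() != "adb.exe":
        return []
    reasons = []
    if ntpath.dirname(ev["Image"]).lower() not in APPROVED_ADB_DIRS:
        reasons.append("adb.exe outside approved SDK directory")
    args = ev["CommandLine"].lower().split()
    if "install" in args or "install-multiple" in args:
        reasons.append("adb install (sideload) command")
    if ev["User"].upper() == r"NT AUTHORITY\SYSTEM":
        reasons.append("launched in SYSTEM/service context")
    return reasons

def triage(events, threshold=2):
    """Flag events that match at least `threshold` independent indicators."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev["Image"], reasons))
    return hits

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Requiring two indicators keeps a developer's own `adb install` from an approved SDK directory out of the alert queue while still surfacing ADB that runs from an unexpected location in a service context.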