January 27, 2014

Gone are the days when only downloading from Google Play was enough to stay safe. Anti-virus and security company Symantec has released details of a new piece of Windows malware that tries to infect Android devices when they are plugged into a compromised PC.

The new malware, called Trojan.Droidpak, installs itself as a system service on a Windows PC and then downloads a malicious banking .apk file. It will also probably download the Android debugging tool ADB. Once ADB is installed, the malware will wait for an Android device to be connected and then install the banking trojan via sideloading. The good news is that USB debugging needs to be enabled on the Android device for this to work.

The malicious Android app is a variant of Android.Fakebank.B and installs itself as a clone of the Google Play Store. It will then look for certain Korean online banking apps and prompt the user to delete them and install malicious versions from the fake Play Store. The malicious app can also intercept SMS messages and forward them on to a server that is undoubtedly used to help bypass the SMS authentication systems used by the banks.

Although the currently active versions of this malware target Korean banks, the same setup could be used to sideload a huge variety of malware that targets banks all around the world, or to sideload other types of malware like premium rate SMS apps.

There are, of course, practical steps that can be taken to mitigate the risk. First, only enable USB debugging when necessary. Second, exercise caution when connecting your device to an unfamiliar PC. Third, make sure you have good anti-virus software on your Windows PC. Lastly, you should also consider using an anti-malware app on your Android device. Since many of these are free, they will offer an extra layer of protection against infections like this one.
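On the Windows side, the sideloading step described above shows up as a non-interactive process running ADB with an install command, which is something process-creation logging can catch. The Python below is an added example, not code from Symantec or from this article; the event field names, the allowlist of interactive parent processes, and the sample events are all constructed assumptions.

```python
import ntpath
import shlex

# Assumption: parents from which a developer normally runs adb by hand or from an IDE.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe", "studio64.exe"}

def is_adb_install(cmdline):
    """True when the command line runs adb with the 'install' subcommand on an .apk."""
    try:
        # posix=False keeps Windows backslashes intact and leaves quotes on tokens.
        argv = shlex.split(cmdline, posix=False)
    except ValueError:          # unbalanced quotes in a logged command line
        return False
    if not argv:
        return False
    exe = ntpath.basename(argv[0].strip('"')).lower()
    if exe not in ("adb", "adb.exe"):
        return False
    args = [a.strip('"').lower() for a in argv[1:]]
    return "install" in args and any(a.endswith(".apk") for a in args)

def flag_sideloads(events):
    """Return events where adb installs an APK without an interactive parent process."""
    hits = []
    for ev in events:
        parent = ntpath.basename(ev["parent"]).lower()
        if is_adb_install(ev["cmdline"]) and parent not in INTERACTIVE_PARENTS:
            hits.append(ev)
    return hits

# Constructed process-creation events; paths and names are placeholders, not real indicators.
SAMPLE_EVENTS = [
    {"host": "dev-01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Android\sdk\platform-tools\adb.exe" install -r app-debug.apk'},
    {"host": "pc-17", "parent": r"C:\ProgramData\example\svc-example.exe",
     "cmdline": r"C:\ProgramData\example\adb.exe install C:\ProgramData\example\sample.apk"},
    {"host": "pc-17", "parent": r"C:\ProgramData\example\svc-example.exe",
     "cmdline": r"C:\ProgramData\example\adb.exe devices"},
]

if __name__ == "__main__":
    for ev in flag_sideloads(SAMPLE_EVENTS):
        print(f"{ev['host']}: adb sideload from {ev['parent']}: {ev['cmdline']}")
```

On a machine where nobody develops Android apps, any ADB execution at all is worth a look, so the parent-process check can be dropped there.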

Gary Sims
Gary has been a tech writer for over a decade and specializes in open source systems. He has a Bachelor's degree in Business Information Systems. He has many years of experience in system design and development as well as system administration, system security and networking protocols. He also knows several programming languages, as he was previously a software engineer for 10 years.