Gone are the days when only downloading from Google Play was enough to stay safe. Anti-virus and security company Symantec has released details of a new piece of Windows malware that tries to infect Android devices when they are plugged into a compromised PC.
The new malware, called Trojan.Droidpak, installs itself as a system service on a Windows PC and then downloads a malicious banking .apk file. It will also probably download the Android debugging tool ADB. Once ADB is installed, the malware waits for an Android device to be connected and then installs the banking trojan via sideloading. The good news is that USB debugging needs to be enabled on the Android device for this to work.
The malicious Android app is a variant of Android.Fakebank.B and installs itself as a clone of the Google Play Store. It will then look for certain Korean online banking apps and prompt the user to delete them and install malicious versions from the fake Play Store. The malicious app can also intercept SMS messages and forward them on to a server that is undoubtedly used to help bypass the SMS authentication systems used by the banks.
Although the currently active versions of this malware target Korean banks, the same setup could be used to sideload a huge variety of malware that targets banks all around the world, or to sideload other types of malware such as premium-rate SMS apps.
There are, of course, practical steps that can be taken to mitigate the risk. First, only enable USB debugging when necessary. Second, exercise caution when connecting your device to an unfamiliar PC. Third, make sure you have good anti-virus software on your Windows PC. Lastly, you should also consider using an anti-malware app on your Android device. Many of these are free, and they offer an extra layer of protection against infections like this one.
People still plug their phones in to computers for reasons other than rooting?
Media transfer. Charging.
It’s good that most people don’t have USB Debugging enabled when they do such tasks.
Most people wouldn’t even know what that is, never mind why they’d ever need to enable it.
Bit of an irony that the only real targets that this malware can infect are the people knowledgeable enough to root their phones and flash them.
South Korea is littered with hackers. I’m guessing that’s where the attack derived from. So many people there are going into Computer Science majors that the country’s a hacker refuge. That being said, the market for a career in system security is high in South Korea right now.
5. Consider using a safe operating system on your PC ;-)
1. Download Linux Distro of your choice
2. Install Linux Distro of your choice
OS X FTW!!!!
Kubuntu: It’s like Ubuntu, only sexier. :)
Yes, Ubuntu is nice; however, I like the old GNOME 2 DE so I use the MATE desktop :p
You are kidding, right? Linux is much easier to hack’n’crack than Windows. I know because I can do both. :)
I doubt this is a very common thing. Definitely not worth getting off of Windows.
Wireless charging + Dropbox + Dropsync = almost completely cable free aside from rooting/flashing
Well, it’s safe to say DON’T DOWNLOAD THAT :)