Trojan Pushes Malware onto Androids

Monday, January 27, 2014 @ 02:01 PM gHale

There is now a Windows Trojan out there designed to infect the Android devices connected to the affected computer, researchers said.

When the Trojan, called Trojan.Droidpak, infects a computer, the threat drops a malicious DLL file and registers it as system service. After that, it downloads a configuration file, which ends up parsed in order to retrieve a malicious malicious application package file (APK) file, said Symantec researchers in a blog post.

RELATED STORIES
Mac Trojan Updated and Active
Trojan Slowed, but not Gone
Trojan Remains a Danger After Deleted
Fake Ads on the Attack

In the next phase of the attack, the Android Debug Bridge Tool ends up installed. The application then installs the malicious APK onto the Android devices connected to the infected computer.

To make sure the infection is successful, the process repeats a number of times. However, it only works if the user enables the USB debugging mode on the Android smartphone.

Once installed, the Android threat poses as a Google App Store program. The malware, Android.Fakebank.B, is actually a malicious replica of a Korean online banking application.

If the legitimate banking app end up detected on the infected device, it’s removed and replaced with the fake one. The malware is also capable of intercepting SMS messages and sending them to cybercriminals.

To avoid falling victim to this new infection vector, Symantec suggests users follow these best practices:
• Turn off USB debugging on your Android device when you are not using it
• Exercise caution when connecting your mobile device to untrustworthy computers
• Install reputable security software

Click here for more details on the Trojan.



Leave a Reply

You must be logged in to post a comment.