Tuesday, January 28, 2014

First Ever Windows Malware that can hack your Android Mobile





[Original Source]
Hey Android users! I am quite sure that you must be syncing your smartphone with your PC to transfer files and back up your device.

If your computer runs Windows, there is bad news for you. Researchers have discovered a new piece of Windows malware that attempts to install mobile banking malware on Android devices while they sync.

In February last year, Kaspersky Lab revealed Android malware that could infect your computer when a smartphone or tablet was connected to it.

Recently, researchers at antivirus firm Symantec discovered another interesting piece of Windows malware, called ‘Trojan.Droidpak’, that drops a malicious DLL on the computer and then downloads a configuration file from the following remote server:

http://xia2.dy[REMOVED]s-web.com/iconfig.txt

The Windows trojan then parses this configuration file and downloads a malicious APK (an Android application) to the following location on the infected computer:

%Windir%\CrainingApkConfig\AV-cdk.apk

To communicate with the mobile device, the malware needs the command-line tool Android Debug Bridge (ADB), which allows it to execute commands on Android devices connected to the infected computer. ADB is a legitimate tool and part of the official Android software development kit (SDK).

In the next step, the trojan downloads all the necessary tools, including Android Debug Bridge. The moment you connect an Android device that has USB debugging mode enabled, it starts the installation process and repeats it until it is sure that the connected device has been infected, installing an app that appears as a fake Google App Store.
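The behaviour described above (an APK staged under the Windows directory and pushed repeatedly over ADB) leaves a recognisable trace in process-creation logs on the Windows host. The following Python detection logic is an added example, not code from the original post or from Symantec; the `cmdline` field name, the sample events, the adb locations in them and the `adb install <apk>` command shape are assumptions.

```python
import re
from collections import Counter

# Path fragment taken from the article's %Windir%\CrainingApkConfig\AV-cdk.apk
IOC_FRAGMENT = "\\crainingapkconfig\\"
# Matches "adb[.exe] ... install [flags] <path>.apk" (standard adb syntax)
ADB_INSTALL = re.compile(
    r'adb(?:\.exe)?"?\s.*?\binstall\b(?:\s+-\w+)*\s+"?([^"]+?\.apk)"?',
    re.IGNORECASE)

def apk_from_cmdline(cmdline):
    """Return the APK path of an `adb install` command line, else None."""
    m = ADB_INSTALL.search(cmdline)
    return m.group(1) if m else None

def flag_adb_installs(events, windir="C:\\Windows", repeat_threshold=3):
    """Return {apk_path: sorted reasons} for suspicious adb installs."""
    installs = Counter()
    for ev in events:
        apk = apk_from_cmdline(ev["cmdline"])
        if apk:
            installs[apk.lower()] += 1  # Windows paths are case-insensitive
    findings = {}
    for apk, count in installs.items():
        reasons = set()
        if apk.startswith(windir.lower() + "\\"):
            reasons.add("apk-under-windir")   # developers do not build APKs here
        if IOC_FRAGMENT in apk:
            reasons.add("droidpak-path")      # directory named in the article
        if count >= repeat_threshold:
            reasons.add("repeated-install")   # article: install is retried
        if reasons:
            findings[apk] = sorted(reasons)
    return findings

# Constructed sample events (not real telemetry); field name is assumed.
_BAD = r'C:\ProgramData\tools\adb.exe install C:\Windows\CrainingApkConfig\AV-cdk.apk'
SAMPLE_EVENTS = [
    {"cmdline": r'"C:\sdk\platform-tools\adb.exe" install -r C:\dev\app\build\demo.apk'},
    {"cmdline": _BAD}, {"cmdline": _BAD}, {"cmdline": _BAD},
    {"cmdline": r'adb.exe devices'},
]

if __name__ == "__main__":
    for apk, reasons in flag_adb_installs(SAMPLE_EVENTS).items():
        print(apk, reasons)
```

The developer's own `adb install` of `demo.apk` is not flagged; only the APK staged under the Windows directory is reported.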




This Windows malware is the first of its kind, since attackers prefer to use social engineering techniques to spread their fake malicious apps hosted on third-party app stores. The installed malware, dubbed "Android.Fakebank.B", is able to intercept the victim's SMS messages and then send them to the attacker's server located at:

http://www.slmoney.co.kr[REMOVED]

Anyway, relax if you are not a Korean citizen, because the malicious APK actually looks for certain Korean online banking applications on the compromised device.

If you want to protect your mobile device and computer from such a malware attack, please consider a few points when connecting to a Windows-based computer:
Turn off USB debugging on your Android device when you are not using it.
Avoid connecting your Android device to public computers.
Install only reputable security software.
Keep your system, software and antivirus up to date.

Stay Safe!
