Imagine if an app on your Smartphone or tablet could be the reason criminals can listen to your private conversations right now. What would they hear about your personal life? This can be the case due to a number of Android devices containing the bogus apps ‘Superclean’ and ‘Droidcleaner’ according to Kaspersky Lab, a leading malware specialist company focused on exposing, analysing and neutralising IT threats. This app malware however, isn’t targeting your Android phones, it’s targeting your PCs.
The targets for these malicious attacks? Those with older operating systems on their PCs, such as Windows XP. Some of us rely upon our phones for photos or music, this can sometimes require us to hook up our phones to our PCs in order to transfer files. Those with older Windows operating systems are targeted due to an “Autorun” feature automatically being enabled, which is disabled by default in the latest operating systems. This causes files to automatically download to the PC when the device is in USB drive emulation mode, by plugging in the Android device via USB.
These apps advertise the ability to clean and speed up the mobile operating system. In fact, the app downloads three files onto the user’s SD card: autorun.inf, folder.ico and svhosts.exe. Once the device has been connected to the PC, the malware files on the SD card will infect the PC. Malware would then trigger the audio recorder function in Windows, automatically turning on a computer/laptop microphone whenever sound is detected. This would be written to a file, and then the contents sent to the malware distributor through your internet connection.
Kaspersky Lab also identified that the malware featured the following capabilities on the handset;
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master
Victor Chebyshev, Kaspersky Lab Expert, stated that “this is the first time we have seen such an extensive feature set in one mobile application,” he also stated that using the connection to a PC is a “completely new attack vector”. It is impossible to deny that the creativity of hackers and designers of malicious software is integral to its implementation, and they are constantly finding new paths and avenues to infect and gain access to our beloved tech devices. It is important for individuals and organisations to be aware of current trends in cyber criminal activities in order to effectively avoid attacks.
For a more in-depth look at how this particular malware operates, visit:http://www.securelist.com/en/blog/805/Mobile_attacks