The AVOXI Blog:
The Most Educational VOIP Call Center Software and Business Phone System Blog in the World!

New Malware on Android Devices

Kaspersky Lab's team has found a new type of malware that infects a user's computer when an infected smartphone or tablet is connected to it.

Users typically look for ways to speed up their devices by freeing up memory. They search for applications that promise to make their tablets or smartphones run faster, and end up installing apps that may have malware hidden inside.

PC malware that infects mobile devices has been discovered before. In this case, however, it's the other way around: an app that runs on a mobile device was designed to infect PCs.

On January 22nd, 2013, Kaspersky Lab discovered the applications “Superclean” and “DroidCleaner” on Google Play.  Both were very popular with a respectable rating.

After users download the application and finish the install, the app displays a list of all running processes and restarts the device.  Later, in the background, the app downloads three files: autorun.inf, folder.ico, and svchosts.exe.  When users connect the infected Android device to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file is automatically executed on the computer.

The malicious code immediately starts capturing sound from the system's microphone; the recordings are encrypted and sent to remote servers. The malware is also capable of sending SMS messages, enabling Wi-Fi, gathering information about the device, opening arbitrary links in a browser, uploading the SD card's content, uploading an arbitrary file to the master server, uploading all SMS messages, deleting all SMS messages, and uploading all contacts, photos, coordinates and sensitive information such as passwords or corporate e-mails from the device to the master server.

Before Google removed those apps, they were downloaded more than 6,000 times. If you have recently downloaded or run those apps on any of your Android devices, it is strongly recommended that you remove them and scan your computer as soon as possible.

Kaspersky Lab updated this threat in its database on February 1st, so businesses should ensure that their network administrator updates the Kaspersky virus signature database and runs a deep scan to prevent any data loss.
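As a complement to the signature scan, the following added example (not code from Kaspersky Lab or from the original post) checks the top level of a mounted SD card or phone storage volume for the three file names described above and reports what an autorun.inf found there would launch. The sample autorun.inf contents and the function names are constructed for illustration; the article does not show the real file.

```python
import os
import tempfile

# File names the article says the app downloads onto the device's storage.
REPORTED_NAMES = {"autorun.inf", "folder.ico", "svchosts.exe"}


def autorun_targets(text):
    """Return the commands an autorun.inf [autorun] section would launch."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets


def scan_volume(root):
    """Check the top level of a mounted volume and return a list of findings."""
    entries = {name.lower(): name for name in os.listdir(root)}
    findings = ["reported file name present: " + entries[n]
                for n in sorted(entries.keys() & REPORTED_NAMES)]
    path = os.path.join(root, entries.get("autorun.inf", "autorun.inf"))
    if os.path.isfile(path):
        with open(path, "rb") as fh:
            data = fh.read()
        # autorun.inf may be UTF-16 with a BOM; otherwise decode byte-for-byte.
        bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
        text = data.decode("utf-16" if bom else "latin-1", errors="replace")
        findings += ["autorun.inf launches: " + t for t in autorun_targets(text)]
    return findings


def build_sample_volume(root):
    """Constructed sample: inert placeholder files using the reported names."""
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[AutoRun]\nopen=svchosts.exe\nicon=folder.ico\n")
    for name in ("folder.ico", "svchosts.exe"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_volume(sample)
        print("\n".join(scan_volume(sample)))
```

Point `scan_volume` at the mount point or drive letter of the card, ideally from a machine where Autorun is disabled. A matching file name alone is a reason to investigate, not proof of infection.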

As the Lead Security Engineer and Linux Administrator for AVOXI, Pablo has expertise and past work experience that have given him insight into an array of systems and applications, as well as knowledge of varied telephony equipment and developments.

Latest posts by Pablo Valenciano (see all)
