Android Trojan Infects Smartphone to Launch Attack on PC
Android Trojan Infects Smartphone to Launch Attack on PC.
Kaspersky Lab has discovered the first ever Android malware app that appears to have been designed
not to attack the host smartphone but any PCs it is subsequently connected to.
Discovered on Google Play (yes,
Play hosts malware despite Google's attempts to clean it up), targeting Russian-speakers
disguised as a memory-killer utility, innocent downloaders will end up with
three malware files on any SD card plugged into their smartphones.
Any PC that connects to the phone while in USB emulation mode
(which treats attached smartphone drives as external disks) and old enough not
to disallow Windows Autorun, will end up being hit with Backdoor.MSIL.Ssucl.a.
It's a novel route to attack a PC but why engineer malware to do
it?
Strangely, the primary purpose of the malware is to record any
audio detected by the PC's microphone, saving this to a file that is then
uploaded to a server in an encrypted format.
The malware also takes complete control of the smartphone but
that could be a secondary activity.
"Generally speaking, saving autorun.inf and a PE file to a
flash drive is one of the most unsophisticated ways of distributing
malware," said a baffled Kaspersky Lab researcher, Victor Chebyshev.
"At the same time, doing this using a smartphone and then
waiting for the smartphone to connect to a PC is a completely new attack
vector.
The dependence on Autorun strong suggested that the malware was
deliberately looking for victims running versions of Windows prior to 7, a
declining population in countries such as the UK and US but still remarkably in
former Soviet republics.
Google has removed the two apps associated with the attack from
Play but not before it was downloaded by several thousand users.
