We have all, at one point or another, connected our phones to our computers to transfer a file, to root our devices, or simply to browse the file system in a way we are used to. People, myself included, view this as the most secure way of transferring files, especially since we have the hardware right in front of us, as opposed to modern cloud methods. However, a recently uncovered piece of malware tries to infect Android devices that connect to an infected Windows PC. This Trojan attempts to install mobile banking malware, and it works in the reverse direction to what we have seen before: until now, we have known about Android malware that attempts to infect Windows systems when an infected Android device connects to the PC.
This new piece of malware, called Trojan.Droidpak by Symantec, places a .dll file on the infected PC and registers a new system service to ensure its persistence across all system reboots. The Trojan downloads two different files from a remote server that has a malicious .apk file named AV-cdk.apk. It also downloads the Android Debug Bridge (ADB) command-line tool, which allows users to execute commands on Android devices connected to a PC. The Trojan is coded to run a command that checks whether an Android device is connected to the host computer at any time. When it detects one, the malicious APK is silently installed on it.

Thankfully, there is a very simple solution to this problem. The only way that the Trojan can be installed on the Android device is if the “USB debugging” option is turned on. If you fear that you are at risk, simply turn this feature off and you will be fine. USB debugging, for those of you who don’t know, is typically used for development, but it is also required for certain things that Android users like to do, such as rooting the OS.
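To check a phone for this kind of silent install from a computer you trust, the sketch below lists the devices that the computer can send ADB commands to, then the third-party packages on each one that were not installed by the Play Store. It is an added example, not part of the original article; it assumes `adb` is on the PATH, and the sample output in it is constructed.

```shell
#!/bin/sh
# Added example: audit ADB-reachable Android devices for sideloaded packages.

# Constructed sample of `adb devices` output; the serials are made up.
SAMPLE_DEVICES=$(printf 'List of devices attached\n0123456789ABCDEF\tdevice\nFEDCBA9876543210\tunauthorized\n')

# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE_PACKAGES='package:com.example.bank  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:org.example.notes  installer=com.android.vending'

# Read `adb devices` output on stdin; print the serials in state "device",
# meaning USB debugging is on and this host may run commands on the phone.
authorized_devices() {
    awk 'NR > 1 && $2 == "device" { print $1 }'
}

# Read `pm list packages -3 -i` output on stdin; print every package whose
# installer is not the Play Store (com.android.vending). Packages pushed
# over ADB typically report installer=null; other app stores show up too.
sideloaded_packages() {
    tr -d '\r' | awk '
        /^package:/ {
            pkg = substr($1, 9)               # strip "package:"
            inst = "unknown"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) inst = substr($i, 11)
            if (inst != "com.android.vending")
                print pkg " installer=" inst
        }'
}

# Live audit of every authorized device attached to this computer.
audit() {
    adb devices | authorized_devices | while read -r serial; do
        echo "== $serial: USB debugging is on and this host is authorized"
        # </dev/null stops adb from swallowing the rest of the serial list.
        adb -s "$serial" shell pm list packages -3 -i </dev/null |
            sideloaded_packages
    done
}

# Only touch real devices when asked to.
if [ "${1:-}" = "--live" ]; then audit; fi
```

Run it with `--live` to query attached devices. A phone that does not appear in the list at all either has USB debugging off or has not authorized this computer.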
This particular piece of malware looks to target online banking users from South Korea. The APK itself is named Android.Fakebank.B and uses the same icon as the Google Play Store, but appears under the name “Google App Store”. This APK also intercepts SMS messages received by users and sends them to a remote server, which can lead to transaction fraud. While this piece of malware seems to be focused on South Korean banking users, malware coders typically like to borrow each other’s ideas. Simply put, the best way to avoid this risk is to leave USB debugging off until you absolutely need it, and only connect your device to a computer that you trust. If you are concerned that your phone is infected with malware, use these steps to see for sure.

Do you have any thoughts on this? Will you be turning off USB debugging, or will you keep it on? Let us know, along with any other thoughts, in the comments!
Source: PC World