The folks over at Symantec are reporting a new malware attack, they have named Trojan.Droidpak, that is targeting Android user devices that are plugged into an infected Windows PC. The malware injects a DLL file into the system and registers for a new system service assuring it will remain even through rebooting. It then reaches out to an external server and downloads a malicious APK along with Android ADB program to inject the APK into any Android device unlucky enough to plug into the system.
We’ve seen Android malware that attempts to infect Windows systems before, Symantec researcher Flora Liu, said Thursday in a blog post. Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.
Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices.
The malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions, Liu said. It also intercepts SMS messages received by the user and sends them a remote server.
This is certainly something to be aware of for any Android users that do sync or frequently plug their devices into their PCs. Hit the links below for the full story and full sources.
Last Updated on January 23, 2017.