Wednesday, January 29, 2014

Windows Malware tries to attack Android Devices.

12:11 PM   , , ,   No comments

In the fight between the Windows and Android, many users bank accounts are being compromised. A recent blog from Symantec reveals thats, a new malware DLL is distributed on Windows machines which passes a trojan malware Trojan.Droidpak when any Android phones are connect with Windows system. This trojan connects with banking applications installed in the phone and retrieves all the information.

In the Symantec blog researcher Flora Liu said that, “the infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service. This DLL then downloads a configuration file from the following remote server:
  • http://xia2.dy[REMOVED]s-web.com/iconfig.txt
It then parses the configuration file in order to download a malicious APK to the following location on the compromised computer:
  • %Windir%\CrainingApkConfig\AV-cdk.apk
The DLL may also download necessary tools such as Android Debug Bridge (ADB).
Next, it installs ADB and uses the command shown in Figure 1 to install the malicious APK to any Android devices connected to the compromised computer:
Figure 1. Command to install the malicious APK
The installation is attempted repeatedly in order to ensure a mobile device is infected when connected. Successful installation also requires the USB debugging Mode is enabled on the Android device.

The malicious APK is a variant of Android.Fakebank.B and poses as a Google App Store application.

Figure 2. Malicious APK posing as Google App Store
However, the malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions. Android.Fakebank.B also intercepts SMS messages on the compromised device and sends them to the following location:
  • http://www.slmoney.co.kr[REMOVED]”

To avoid such things with your Android devices you should turn off USB debugging on your Android device when you are not using it and do not connect your phone with any untrusted computers.

Steps to turn off USB debugging in your phone.

For Android 1.x and 2.x
  • Go to Applications > Settings > Applications > Development.
  • Uncheck USB debugging.
For Android 4.x
  • Go to Applications > Settings > Developer Options.
  • Uncheck USB debugging.


If you like this blog please follow us on Twitter @gizmosweb , like the Facebook page.

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )