By Brian Fagioli
Since Android is based on Linux, many users consider it rather safe and secure. However, this is not at all true: most malware that targets mobile devices targets Android. For the most part, though, it is easy to stay safe by only installing reputable apps from the Play Store.
What if, however, your desktop operating system was infecting your Android device without you knowing? Sadly, this can happen, as some Windows users are finding out. Symantec announces it has found such a case, and it is really nasty.
“We’ve seen Android malware that attempts to infect Windows systems before […] Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices”, says Flora Liu of Symantec.
Liu further explains, “The infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service”.
What makes this particularly devious and nasty is that Droidpak downloads a configuration file, which drives the rest of the attack. This file triggers a download of a malicious Android .apk file and adb (Android Debug Bridge) for Windows. If an Android device with USB debugging enabled is connected to the infected Windows PC, the malicious .apk file is pushed to the device.
Once the .apk file is pushed to the device, the user is presented with a fake “Google App Store”. The fake app store will then intercept the user’s text messages as well as replace Korean banking apps with malicious versions.
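On the Windows side, the step described above (a service-hosted component running adb to put an .apk on a connected device) can be hunted for in process-creation logs. The following is an added example, not code from Symantec or from the original article; the event fields, the sample paths, and the rule that session 0 or a svchost.exe/services.exe parent indicates a service context are assumptions.

```python
import shlex
from pathlib import PureWindowsPath

# adb subcommands that copy or install a package onto the attached device.
RISKY_SUBCOMMANDS = {"install", "install-multiple", "push"}
# Assumption: these parents (or session 0) indicate a service, not a logged-in user.
SERVICE_PARENTS = {"svchost.exe", "services.exe"}
# adb global options that consume the following token as their value.
OPTIONS_WITH_VALUE = {"-s", "-t", "-H", "-P", "-L"}

def adb_subcommand(cmdline):
    """Return the adb subcommand, skipping global options such as -s SERIAL."""
    tokens = shlex.split(cmdline, posix=False)[1:]  # drop the executable itself
    i = 0
    while i < len(tokens):
        if tokens[i] in OPTIONS_WITH_VALUE:
            i += 2
        elif tokens[i].startswith("-"):
            i += 1
        else:
            return tokens[i]
    return None

def is_suspicious(event):
    """True when adb places a package on a device from a service context."""
    if PureWindowsPath(event["image"]).name.lower() != "adb.exe":
        return False
    if adb_subcommand(event["cmdline"]) not in RISKY_SUBCOMMANDS:
        return False
    parent = PureWindowsPath(event["parent"]).name.lower()
    return event["session"] == 0 or parent in SERVICE_PARENTS

def flag_events(events):
    return [e for e in events if is_suspicious(e)]

# Constructed sample events; paths and file names are placeholders.
EVENTS = [
    {"image": r"C:\Android\platform-tools\adb.exe", "cmdline": "adb.exe devices",
     "parent": r"C:\Windows\explorer.exe", "session": 1},
    {"image": r"C:\Android\platform-tools\adb.exe", "session": 1,
     "cmdline": "adb.exe -s emulator-5554 install app-debug.apk",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Users\Public\adb.exe", "session": 0,
     "cmdline": r'"C:\Users\Public\adb.exe" install C:\Users\Public\placeholder.apk',
     "parent": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for hit in flag_events(EVENTS):
        print("ALERT:", hit["parent"], "->", hit["cmdline"])
```

A developer installing a debug build from an interactive shell (the second event) is not flagged; only the install launched from the service context is.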
Symantec suggests the following in order to stay safe:
- Turn off USB debugging on your Android device when you are not using it
- Exercise caution when connecting your mobile device to untrustworthy computers
- Install reputable security software, such as Norton Mobile Security
- Visit the Symantec Mobile Security website for general safety tips
While this all sounds horrible, in reality the majority of Android users should not have debugging enabled and thus are safe. However, it is not uncommon for power users to have this feature turned on for tinkering purposes.
Have you encountered Trojan.Droidpak? Tell me about it in the comments.