As Android continues to gain popularity among consumers and developers alike, malware authors now seem to be targeting it in a not-so-common manner. According to security firm Symantec, a trojan dubbed Trojan.Droidpak tries to install mobile banking malware on Android devices via a Windows machine.
“We’ve seen Android malware that attempts to infect Windows systems before,” Symantec researcher Flora Liu said in a blog post. “Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.”
“Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices,” Liu said.
The recently discovered Windows malware drops a malicious DLL file on the Windows computer and registers it as a new system service. It then downloads a configuration file from a remote server; this server contains the location of a malicious APK (Android application package) file called AV-cdk.apk.
The installation is attempted repeatedly to ensure that the infection is successful.
Symantec explained, “Successful installation also requires that the USB debugging mode is enabled on the Android device. However, the malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions.”
Users are advised to turn off USB debugging on Android devices when it’s not needed in order to avoid falling victim to this new infection vector.
“Exercise caution when connecting your mobile device to untrustworthy computers [and] install reputable security software,” the firm warned.