Android malware apps designed to infect PCs discovered in Google Play

February 4, 2013 | By Jason Ankeny

New Android malware applications intended to wreak havoc on both mobile and desktop devices have been discovered in the Google (NASDAQ:GOOG) Play storefront, software security firm Kaspersky Lab reports.

Two identical Android applications from developer Smart Apps, Superclean and DroidCleaner, masquerade as "cleaner" apps promising to accelerate smartphone processing speeds, but instead download three files (autorun.inf, folder.ico and svchosts.exe) to the root of the device's SD card. When the smartphone is connected to a Windows computer in USB drive emulation mode, the svchosts.exe file (Backdoor.MSIL.Ssucl.a) is automatically executed on the PC. Kaspersky states the apps take control of the desktop microphone, encrypting all recordings and sending them back to the attacker; in addition to infecting workstations, the malware gathers information about the Android device, opens arbitrary browser links, uploads and deletes SMS messages, and uploads contacts, photos and coordinates.

"We have come across PC malware that infects mobile devices before," states Kapersky Lab Expert Victor Chebyshev. "However, in this case it's the other way round: an app that runs on a mobile device (a smartphone) is designed to infect PCs."

Chebyshev calls saving autorun.inf and a Portable Executable file to a flash drive "one of the most unsophisticated ways of distributing malware," but adds that distributing malware via smartphone and then waiting for the device to connect to a PC signals a completely new method of attack.

"In the current versions of Microsoft (NASDAQ:MSFT) Windows, the AutoRun feature is disabled by default for external drives; however, not all users have migrated to modern operating systems. It is those users who use outdated OS versions that are targeted by this attack vector," Chebyshev writes. "Thus, a typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device. Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme."

Critics maintain Google has failed to sufficiently police Google Play, making it easy for attackers to distribute malware via Android applications. An estimated 18 million Android users will encounter mobile malware between the beginning of 2012 and the conclusion of 2013, according to a forecast published late last year by Lookout Mobile Security: The firm adds that the likelihood users will encounter malware or spyware threats depends heavily on their geography and behavior, varying from 0.20 percent in Japan to 0.40 percent in the U.S. to as high as 34.7 percent in Russia.

For more:
- read this SecureList blog entry
- read this Next Web article