Security Advisor

New Android Malware Aims To Infect PCs

A first of its kind, this mobile virus records your every sound through your PC.

Kaspersky security experts are shedding some light on an Android malware that was designed to bring havoc to your PC.

Here's how it works: You download an application from the Google Play store that is not on the up and up (Kaspersky said this particular malware has found a home hidden in a bogus system cleaning app called DroidCleaner). The malware, while not initially causing any harm to your mobile device (that comes later), lies in wait for you to connect the device to your PC in USB emulation mode, which allows your PC to view the device as an external storage device. If AutoRun is enabled on your Windows machine, the malware sinks its claws into your system. The good news is that if you have your Windows updated, AutoRun is disabled by default.

And once it's in your PC, the virus goes to work by activating your PC's microphone, recording everything that is said in the proximity of the machine and then sending it back to the malware creator.

"Generally speaking, saving autorun.inf and a PE file to a flash drive is one of the most unsophisticated ways of distributing malware," said Kaspersky's Victor Chebyshev, in a blog post. "At the same time, doing this using a smartphone and then waiting for the smartphone to connect to a PC is a completely new attack vector. In the current versions of Microsoft Windows, the AutoRun feature is disabled by default for external drives; however, not all users have migrated to modern operating systems. It is those users who use outdated OS versions that are targeted by this attack vector."
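The delivery mechanism Chebyshev describes, an autorun.inf plus a PE file on the storage the phone exposes over USB, can be checked for on a mounted volume before it is trusted. The following is an added example, not code from Kaspersky or from the original article; the function names and the constructed stub file `sample.exe` are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def program_of(value):
    """Program part of a command line: a quoted path, or the first token."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return (value.split() or [""])[0]

def is_pe(path):
    """True if path is a file that starts with the 'MZ' magic of a DOS/PE executable."""
    if not path.is_file():
        return False
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"

def scan_volume(root):
    """Return [(key, command, target_is_pe)] for launch entries in a volume's autorun.inf."""
    root = Path(root)
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    data = inf.read_bytes()  # may be UTF-16 with a BOM; otherwise decode as 8-bit text
    text = data.decode("utf-16") if data[:2] in (b"\xff\xfe", b"\xfe\xff") else data.decode("latin-1")
    findings = []
    for key, value in parse_autorun(text).items():
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            target = root / program_of(value).replace("\\", "/")
            findings.append((key, value, is_pe(target)))
    return findings

def demo():
    """Scan a constructed volume: an autorun.inf plus a stub file carrying only the MZ magic."""
    root = Path(tempfile.mkdtemp())
    (root / "autorun.inf").write_text("; constructed sample\n[AutoRun]\nOpen=sample.exe\nicon=folder.ico\n")
    (root / "sample.exe").write_bytes(b"MZ" + b"\x00" * 62)
    return scan_volume(root)
```

A finding whose third field is `True` means the volume carries a launch entry that points at an executable, which is the pattern the quote describes.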

Kaspersky said that this is the first malware of its kind to target your PC in this fashion.

As someone who is not part of the criminal fraternity, the malware's execution confuses me a bit. Sure, if malware distributors want to record me laughing at stupid Reddit links or cursing at my screen after an untimely death in Counter Strike, be my guest. But I don't remember the last time I verbally recited any of my private financial information in front of the screen. And if someone were to let something slip in front of their PC that they didn't want known by an outside source, how many hours would the malware distributor have to listen to before stumbling upon anything that could be beneficial to them (share your best hypotheses below)?

Speaking on who is being targeted, Chebyshev said "...a typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device. Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme."

Not wanting to miss an opportunity to cause as much harm as possible, the malware doesn't treat the infected smartphone or tablet as just a carrier; it also has the ability to enable WiFi on your device, send out SMS messages, upload your memory card info, delete your contacts and open harmful links in the device's Web browser.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
