Security Advisor

Windows Malware Targeting Android Banking Apps

While malware moving from mobile devices to PCs has become the norm, malware moving in the opposite direction looks to be a new attacker trick.

A new Windows malware is making the rounds that can infect Android devices connected to the PC.

According to security firm Symantec, which discovered and recently detailed the malware in a blog post, the malicious software has been targeting users of South Korean banking apps. Called Trojan.Droidpak, the malware makes the jump from a Windows-based PC to the phone when the phone is connected via USB.

Once an Android device with USB debugging enabled (necessary for the malware to make the jump) is connected to the infected computer, the malware located in Windows executes and installs a harmful .apk file. After installation is completed, the hidden app will scan the device and, if a targeted South Korean banking app is found, the device will prompt users to update. Instead of updating through either Google's app store or directly from the bank, the malware will delete the app and install malicious copies of the bank apps that will monitor online banking activity and intercept and reroute SMS messages sent to and from the financial institutions.

Symantec said that this malware is unique because it moves from Windows to a connected device, instead of the other way around.

"We've seen Android malware that attempts to infect Windows systems before," wrote Symantec's Flora Liu. "Android.Claco, for instance, downloads a malicious PE file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file."

While this particular threat has only been used to target a specific audience in South Korea, as with anything "new" in the hacking community, this type of threat won't stay unique for long. To guard against this specific type of attack, Symantec recommends the following:

  • Disable USB debugging when not in use.
  • Avoid connecting mobile devices to public or unknown PCs.
  • Install mobile security software and keep it updated.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
