Symantec researchers have found what they are calling the first known example of Windows malware specifically designed to infect Android devices. “We’ve seen Android malware that attempts to infect Windows systems before,” mentioned Flora Lui, author of the Symantec post announcing Droidpak. “Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices.”
Droidpak is a trojan designed to compromise the Windows operating system and gain a foothold on the victim’s computer. After Droidpak settles in, it contacts a remote command-and-control server. Then, according to Symantec Security Response, the remote server sends a configuration file back to the infected Windows computer similar to the example below:
Notice the configuration file references a website. The infected computer tries connecting to the website. If successful, an Android malware file similar to the one below will begin downloading:
The remote server may also push tools, such as Android Debug Bridge (ADB), to the infected computer, which uses them to install the Android Package (APK) or other malware onto the target Android device (phone or tablet) connected to the infected computer via a USB cable.
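Because the installation step runs on the Windows host, it leaves host-side telemetry: a process named adb.exe launched with an `install` argument, often from a staging directory and by a parent that is not a developer tool. The script below is an added example, not code from the article or from Symantec; it scans constructed Sysmon-style process-creation records for that pattern. The record field names, the trusted-parent allowlist and the staging-directory list are assumptions to be tuned per environment.

```python
import re
from dataclasses import dataclass

# Parent processes from which adb.exe is expected on a developer workstation
# (constructed allowlist, an assumption; tune it to the environment).
TRUSTED_PARENTS = {"studio64.exe", "cmd.exe", "powershell.exe", "gradle.exe"}

# Directories where dropped tools are commonly staged (assumption).
SUSPICIOUS_DIRS = (r"\appdata\local\temp", r"\programdata", r"\users\public")

# Constructed Sysmon-style process-creation records (not real telemetry).
SAMPLE_LOG = [
    r'EventID="1" Image="C:\Program Files\Android\platform-tools\adb.exe" CommandLine="adb devices" ParentImage="C:\Program Files\Android\Android Studio\bin\studio64.exe"',
    r'EventID="1" Image="C:\Users\alice\AppData\Local\Temp\adb.exe" CommandLine="adb install payload.apk" ParentImage="C:\Users\alice\AppData\Local\Temp\dropper.exe"',
    r'EventID="1" Image="C:\Windows\notepad.exe" CommandLine="notepad.exe" ParentImage="C:\Windows\explorer.exe"',
]

@dataclass
class Finding:
    line_no: int
    command: str
    reasons: list

def parse_record(line):
    """Extract key="value" pairs from one log line into a lowercase-keyed dict."""
    return {k.lower(): v for k, v in re.findall(r'(\w+)="([^"]*)"', line)}

def evaluate(fields):
    """Return the reasons a process-creation record looks like hostile ADB use."""
    image = fields.get("image", "").lower()
    cmd = fields.get("commandline", "").lower()
    parent = fields.get("parentimage", "").lower().rsplit("\\", 1)[-1]
    if not image.endswith("\\adb.exe"):
        return []                       # only ADB launches are of interest
    reasons = []
    if re.search(r"\binstall\b.*\.apk$", cmd):
        reasons.append("adb install of an APK")
    if any(d in image for d in SUSPICIOUS_DIRS):
        reasons.append("adb.exe running from a staging directory")
    if parent not in TRUSTED_PARENTS:
        reasons.append(f"unexpected parent process: {parent or 'unknown'}")
    return reasons

def scan(log_lines):
    """Scan log lines; return one Finding per record with at least one reason."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        fields = parse_record(line)
        reasons = evaluate(fields)
        if reasons:
            findings.append(Finding(line_no, fields.get("commandline", ""), reasons))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.command!r} -> {'; '.join(f.reasons)}")
```

The legitimate Android Studio launch in the sample produces no finding, while the copy of adb.exe run from a temp directory by an unknown parent trips all three checks.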
Several things have to happen in order for Droidpak to successfully install its payload—Android.Fakebank.B. We will look at those in a bit. First, let’s look at what the malware developers designed Android.Fakebank.B to do once installed as an application on an Android device.
Android.Fakebank.B will show up as a “Google App Store” application as shown in the slide below.
Once installed, Android.Fakebank.B looks to see if there are any mobile banking apps installed on the Android device. Symantec said the version of Android.Fakebank.B studied was specifically targeting Korean banking applications. If Android.Fakebank.B finds a familiar banking app, it attempts to make the user believe the currently installed banking app is malware that should be removed and replaced by Android.Fakebank.B. If the user agrees and loads Android.Fakebank.B, the malware is in position to steal login credentials and possibly account information when the user logs in using what is thought to be the correct banking app.
Symantec mentions that, “Android.Fakebank.B also intercepts SMS messages on the compromised device and sends them to the following location.”
Now it’s time to talk about what needs to happen for Droidpak/Android.Fakebank.B to be successful. Users must agree to install any program on an Android device. This is where social engineering comes into play, and we all know the bad guys are getting good at it.
Symantec, and the other Android experts I talked to, suggest turning off USB debugging on Android devices. Most people will never use USB debugging: it is a developer tool, used to sideload Android applications from a computer, and that is exactly why Droidpak works. This link explains how to disable USB debugging.
The Android experts also said they would be remiss for not mentioning the importance of having AV applications on both computers and Android devices. With Droidpak unmasked, AV companies will have their products looking for it.
Speaking of antivirus applications for Android, Andreas Marx, CEO of AV-TEST Institute, just sent me the latest Android antivirus app test results. Marx wrote, “30 Android security apps were tested: only two products failed in our latest review against 2,191 malicious apps.”
In the email, Marx included what he considered to be key elements of the latest test:
Several things have to go right before the Droidpak/Android.Fakebank.B malware combination can successfully steal banking information, but that was also the case with the first versions of banking malware targeting PCs. Now, Zeus and Neverquest are highly successful banking malware.
I would prefer to be wrong, but due to the popularity of mobile devices and the number of banking apps, I’m afraid bad guys are going to make sure malware like Droidpak succeeds.
Article courtesy: TechRepublic