Windows Trojan Droidpak Pushes Malware onto Android Devices


Malicious Android application and the code that's used to install it

Security researchers have come across a Windows Trojan, Trojan.Droidpak, that’s designed to infect the Android devices connected to the affected computer.

When it infects a computer, the threat drops a malicious DLL file and registers it as system service. After that, it downloads a configuration file, which is parsed in order to retrieve a malicious APK file, Symantec experts explained in a blog post.

In the next phase of the attack, the Android Debug Bridge Tool is installed. The application is utilized to install the malicious APK onto the Android devices connected to the infected computer.

To make sure that the infection is successful, the process is repeated a number of times. However, it only works if the USB debugging mode is enabled on the Android smartphone.

Once it’s installed, the Android threat poses as a Google App Store program. The malware, Android.Fakebank.B, is actually a malicious replica of a Korean online banking application.

If the legitimate banking app is detected on the infected device, it’s removed and replaced with the fake one. The malware is also capable of intercepting SMS messages and sending them to cybercriminals.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s