Years ago, when a huge majority of computer users were using Windows (not saying that it’s no longer the case), most of the viruses released were made for the said operating system. Today, with the number of Android-powered devices numbering in the millions, it is only logical that malware created for the OS would also be aplenty.
Android users should be careful when it comes to their device’s security. Case in point, Symantec just discovered another malware which is designed to infect Android devices from a Windows system.
Here’s the technical explanation from Symantec:
The infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service. This DLL then downloads a configuration file from the following remote server:
http://xia2.dy[REMOVED]s-web.com/iconfig.txt
It then parses the configuration file in order to download a malicious APK to the following location on the compromised computer:
%Windir%\CrainingApkConfig\AV-cdk.apk
The DLL may also download necessary tools such as Android Debug Bridge (ADB).
Next, it installs ADB… to install the malicious APK to any Android devices connected to the compromised computer.
The installation is attempted repeatedly in order to ensure a mobile device is infected when connected. Successful installation also requires the USB debugging Mode is enabled on the Android device.
The malicious APK is a variant of Android.Fakebank.B and poses as a Google App Store application.
The malware discovered by Symantec is targeting certain Korean online banking applications but in the hands of shoddy people its function could be re-tooled.
In order to keep your Android device secure from this threat, make sure that you turn off USB debugging when not using said feature. After all, if you are going to turn on that feature, you must already know what you are doing. There’s a reason that feature is turned off by default.