Multi-platform Malware Poses Threat to Android and Windows Users
Earlier this month, SecurityWeek’s Brian Prince wrote about Kaspersky Lab’s discovery of malware that is capable of jumping from Android devices to Windows PCs, turning the computer into a live microphone. As it turns out, this isn’t the only type of cross-platform attack that worked itself into Google’s application store.
Researchers at NQ Mobile have discovered another case of Android to PC malware, one that leverages the device’s USB connection to deliver a number of payloads, including keylogging or remote access.
“In this case, the malware hijacks a legitimate Android cache-cleaning app and comes to life when syncing the device with a PC via the USB port. And the motive seems to be all about money: the malware can be used to allow cyber criminals to access the machine and the sensitive data it holds or even capture keystrokes. The worm can also copy itself to all the PC’s drives, including removable ones such as flash drives, as well as mapped network drives – and even disable your Windows anti-virus software,” the company explains.
In a brief research post on the topic, NQ explains that the malware’s data capturing functions are written to encrypt and transmit the compromised data to locations in the Ukraine, Russia, or Brazil.
On version 4.2 of Android, Google introduced a function called Verify Apps, which disallows or warns users before potentially harmful software is loaded on the device. However, recent research (which NQ did not cite fully) is said to show that only 15% of known malware is blocked with this feature.
“If you make your living developing mobile malware, and you spent hours looking for ways to quickly and efficiently multiply your demons, it would make logical sense to design them so they are able to transmit themselves between a PC and a mobile device. It was only a matter of time,” NQ researchers wrote in a blog post.
When it comes to these types of attacks, the criminals are targeting the Auto Run feature on Windows. Systems that are patched with Microsoft’s AutoRun fix from 2011 (XP and Vista) are immune to this attack. On Windows 7 and 8, Auto Run is disabled by default – so the attack will fail there as well, as long as users have not altered the settings.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
