Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Malware Uses Android as Gateway to Infect Microsoft Windows

A recently discovered piece of malware is using Google Android as a launch pad to turn Windows PCs into listening devices.

A recently discovered piece of malware is using Google Android as a launch pad to turn Windows PCs into listening devices.

According to Kaspersky Lab, on Jan. 22 the firm’s researchers found applications on Google Play that turns Windows’ microphone feature into a listening bug when users plug an infected phone into their Windows PC. Both of the apps – which have since been removed by Google – claimed to be able to help users clean their phones to improve performance.

However, the apps only pretend to be useful. Once downloaded, they showed the phone’s running services and with a message declaring “cleanup done!” From there, the malware downloads three files from a specified URL and places them in the root directory of the SD card. When the smartphone is connected to the PC in the USB drive emulation mode, the system automatically executes the file svchosts.exe, which is actually Backdoor.MSIL.Ssucl.a.

“Overall, Backdoor.MSIL.Ssucl.a is not a particularly sophisticated piece of malware,” blogged Victor Chebyshev of Kaspersky Lab. “[It’s] only feature of interest is that it includes the freely-distributed library NAUDIO (naudio.codeplex.com).”

While saving autorun.inf and a PE file to a flash drive is one of the most unsophisticated ways of spreading malware, doing it using a smartphone and waiting for the device to be connected to a PC is brand new attack vector, he wrote. The attack is mitigated by the fact that in the current versions of Microsoft Windows the AutoRun feature is disabled by default. However, not all users have migrated to modern operating systems, Chebyshev noted.

“Thus, a typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device,” he wrote. “Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.