Android malware delivered via windows, when debugging-mode enabled

Be careful if you are connecting your android device to others computers! 
A New windows-based malware installs malicious application in debugging-mode enabled android devices.

Usually, malware applications get installed in your device, only if you have changed the default security settings to allow apps from third-party app stores.  But, Malware analysts at Sophos say a malware still can reach your device, even if you have not enabled so-called "off-market" apps.

When you have enabled USB debugging mode,  you can install apps directly from your windows machine.  A new windows-based malware appears to be taking advantage of this facility.

The malware first register itself as a system service and downloads a configuration file "iconfig.txt".  The iconfig.txt file contains the list of exe files to be downloaded in the infected machine.

"Samsung.exe, LG.exe, AdbWinApi.dll, AdbWinUsbApi.dll, aadpt.exe, adb.exe, AV-cdk.apk, ok.bat" are the files downloaded by the malware.

The "ok.bat" is a batch file that runs "C:\Users\Yourname> adb install AV-cdk.apk" in your command prompt, results in the malicious apk file getting installed in your android device.

The name of apk file sounds like it is pretending to be an Antivirus, but once installed, the app disguise itself as "Google Play store".

Researchers suggest to turn it off the Android Debugging option, when you don't need it.
Category: /

Share this with Your friends: