A newly-discovered Android malware can cause havoc on your Android smartphone and Windows PC when the devices are connected. The irony is this app is masquerading as a “cleaner” app on Google’s Play Store.
Last year, ESET predicted that Android malware would become more complex and expand the range of malicious actions it can perform on an infected device. That’s exactly what DroidCleaner does.
Identified by Kaspersky as a vicious piece of malware, DroidCleaner has a long list of abilities to disrupt your life. Once installed on your phone, the app can send SMS messages, enable Wi-Fi, gather information about the device, open arbitrary links in a browser, and upload the SD card's entire contents, all SMS messages, or an arbitrary file or folder to the master's server. It can also delete all SMS messages, or read, write and upload all the contacts, photos and location data from the device to the master.
However, those are just parlour tricks, as far as this app is concerned. When it runs, the app also downloads three files to the root directory of your internal SD card, and opens up a backdoor to your PC when it is connected to the smartphone in USB drive mode.
Now, the app can control your microphone to spy on you and send recordings back to the master server. Fortunately, that’s all that it seems to do.
As Kaspersky notes, “Generally speaking, saving autorun.inf and a PE file to a flash drive is one of the most unsophisticated ways of distributing malware. At the same time, doing this using a smartphone and then waiting for the smartphone to connect to a PC is a completely new attack vector. In the current versions of Microsoft Windows, the AutoRun feature is disabled by default for external drives; however, not all users have migrated to modern operating systems. It is those users who use outdated OS versions that are targeted by this attack vector.”
“Thus, a typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device. Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme.”
Another IT security firm, McAfee, said last year that more than 60 percent of all Android threats originate from the FakeInstaller family. FakeInstaller malware masquerades as popular apps and generates revenue by silently sending SMS messages to premium numbers without the user’s consent, which is what this latest discovered malware also does.
Fortunately, AutoRun is disabled by default on newer versions of Windows, but if you have enabled it and have been an unfortunate victim of this app, then it’s time to do a full check-up.
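A check for the autorun.inf-plus-executable pattern Kaspersky describes, as an added example that is not code from the original article or from Kaspersky. It assumes the phone's storage is mounted as a directory; the function names and the sample file names are hypothetical.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that launch a program

def _find_ci(root, name):
    """Case-insensitive lookup of a file name in the drive root (FAT ignores case)."""
    for entry in Path(root).iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None

def _is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    if not path.is_file():
        return False
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"

def scan_drive_root(root):
    """Return (key, target, target_is_pe) for each launch entry in autorun.inf."""
    inf = _find_ci(root, "autorun.inf")
    if inf is None:
        return []
    findings, in_section = [], False
    with inf.open(encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if not in_section or "=" not in line or line.startswith(";"):
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                # program name is the quoted string, or the first token before arguments
                target = (value.split('"')[1] if value.startswith('"') else value.split()[0]) if value else ""
                path = _find_ci(root, target) if target else None
                findings.append((key, target, bool(path and _is_pe(path))))
    return findings

def demo():
    """Build a constructed drive root (placeholder file names) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "AUTORUN.INF").write_text("[AutoRun]\nicon=folder.ico\nOPEN = example.exe /s\n")
        Path(root, "example.exe").write_bytes(b"MZ" + b"\x00" * 62)  # stub, not a real binary
        return scan_drive_root(root)

if __name__ == "__main__":
    print(demo())
```

Any entry returned with the last field `True` means an autorun.inf in the drive root points at a Windows executable sitting beside it, which is worth inspecting before the storage is opened on a PC that still has AutoRun enabled.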
Publish date: February 4, 2013 10:35 am | Modified date: January 7, 2014 11:47 am