Kaspersky Labs has discovered an Android malware that camouflages as an app on Google Play to clean out memory for Android devices, but actually contaminates the device and is to Windows PCs when an infected smartphone is connected to it. It also enables the microphone of the device to record voice then encrypts and transfers it to the source attacker. It is reported by the Kaspersky as one of the most malicious malwares on an app with an extensive set of features like exchanging messages, deleting messages and enabling Wi-Fi as well, TNW reports.
The app, when used on an Android device, would look like functioning normally as per its features described. However, it would actually infect the SD card by downloading three files – autorun.inf, folder.ico, and svchosts.exe on to it. These can then let the attacker gather information about the device or open arbitrary links in a browser or upload content from the SD card, as well as upload contacts or photos from the device.
The sychosts.exe reaches the Windows PC when the Android device is connected to it through the USB port. This does not seem to cause direct harm to the files on the PC, but makes the microphone record the user’s voice, encrypts the recordings and passes it to the attacker. Moreover, transferring autorun.inf and a PE file from smartphones to PCs running old and outdated versions of Windows are more vulnerable to attacks by this malware.
It is recommended that Google Play apps with high download numbers and trusted developer based have lower rate of malware threats, and hence are safer to be downloaded.