New Trojan.Droidpak Malware Infects Android Devices Via Windows

Android has continued to gain market share, and with the new releases of Jelly Bean and KitKat the platform has become a favorite of consumers and developers alike. With that popularity, Android has become the target of ever more attacks by viruses and other malware. The most recent has been dubbed Trojan.Droidpak. It tries to install mobile banking malware, and what sets it apart is that it tries to install it via Windows.

“We’ve seen Android malware that attempts to infect Windows systems before,” Symantec researcher Flora Liu said in a blog post. “Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.” – Source Blog

The Windows malware drops a malicious DLL file on the computer, then registers it as a system service. It then downloads a configuration file from a remote server, and this is where the malicious APK, which is called AV-cdk.apk, comes in.

The installation is repeated over and over to ensure that the device does end up infected. Successful infection requires that USB debugging mode be enabled. The APK looks for certain online banking apps on the device and then prompts the user to delete them and install the malicious version.

It has been recommended that users disable USB debugging mode unless it is absolutely necessary for what they are currently working on. It is also recommended that users install a trusted security application.