We all know about the threat of malware. We know our PC can get infected, we know our mobile device can get infected. Sometimes, it’s even possible for our PC to infect our mobile device, but did you know your mobile device can be used to infect your PC? A new threat discovered by Kaspersky Lab researchers disguises itself as a system cleaner for Android, and when it gets the chance, infects your PC and takes over your microphone.
The app in question is called “Superclean”, and also has an identical twin by the name of “DroidCleaner”. Both apps have been removed from Google Play by now, but they serve as a reminder to beware of unknown apps. Once downloaded, the app lists all running processes on the device and restarts them – apparently doing its job – but it also downloads three malicious files (autorun.inf, folder.ico, svchosts.exe) in the background, one of which is in fact Backdoor.MSIL.Ssucl.a.
Once connected to a PC running an older version of Windows, the autorun component is launched, and the malware is executed. The trojan takes control of your PC’s microphone, enables it, and uses it to record you and upload the results to the malware’s developers.
According to Kaspersky, the malware is aimed at users with lower-end Android devices who are looking for speed-up solutions, and those running older versions of Windows where the AutoRun still works. In addition to installing a trojan on your PC, the app also includes the following capabilities:
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s entire contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master
The lesson? Protect your mobile device, and try to stick to apps with many downloads and reviews. If you’re looking for legit ways to enhance Droid’s abilties, check out this guide on speeding up Android, or this one on freeing up Android storage space.
What do you think of this new infection? Will it make you more wary when installing apps?