Keyloggers by Robbert van der Steeg

Windows users are accustomed to malware and the dangers it can present. An attack on your PC could easily put your personal data and online credentials at risk.

Now, with mobile phone software becoming more sophisticated, malware is a problem that could follow us anywhere.  And an Android app recently discovered on Google Play, disguised as a system cleaner, was doing just that.

The app, discovered by Kaspersky, was called DroidCleaner. Its infection process began by downloading three files to your phone’s SD card upon running the app.

From there, it would lie in wait for your phone to be connected to a computer via USB. It then launches an autorun, activated by the USB connection, and uses those previously downloaded files to control your computer’s microphone, record you, and send recordings to the attacker.

DroidCleaner Android Malware

But that’s simply the Windows side of things. DroidCleaner’s list of possible Android attacks makes PC eavesdropping seem like child’s play:

  • Sending SMS messages
  • Enabling Wi-Fi
  • Gathering information about the device
  • Opening arbitrary links in a browser
  • Uploading the SD card’s entire contents
  • Uploading an arbitrary file (or folder) to the master’s server
  • Uploading all SMS messages
  • Deleting all SMS messages
  • Uploading all the contacts/photos/coordinates from the device to the master

Kaspersky notes that DroidCleaner’s creators, while failing to develop a large install base, did have a very well thought out approach. But while using a smartphone to attack a PC may be a new strategy, it’s not likely one to affect new Windows users as AutoRun, the feature used to start the attack, is disabled in newer versions.

The fact that Google Play, the official marketplace for Android apps, was the source for this app is somewhat disconcerting. While savy users are likely to be wary of an app with a low install base, many may blindly install apps and unwittingly find themselves victims of malware.

The best way to avoid being infected with malware on Android is to run a trusted security app, such as Lookout.

Lookout runs a security scan on every app during the installation process and could help prevent the types of attacks presented by apps like DroidCleaner.

Being aware of the apps you install and keeping an eye out for suspicious activity on your phone should be a priority for all smartphone users.

Source: SecrureList (via Gizmodo)