New malware tries to infect Android devices via USB cable

USBcable - New malware tries to infect Android devices via USB cable

Gone are the days when only downloading from Google Play was enough to stay safe. Anti-virus and security company Symantec has released details of a new piece of Windows malware that tries to infect Android devices when they are plugged into a compromised PC.

The new malware, called Trojan.Droidpak, installs itself as a system service on a Windows PC and then downloads a malicious banking .apk file. It will also probably download the Android debugging tool ADB. Once ADB is installed the malware will wait for an Android device to be connected and then install the banking trojan via sideloading. The good news is that USB debugging needs to be enabled in the Android device for this to work.

The malicious Android app is a variant of Android.Fakebank.B and installs itself as a clone of the Google Play Store. It will then look for certain Korean online banking apps and prompt the user to delete them and install malicious versions from the fake Play Store. The malicious app can also intercept SMS messages and forward them on to a server that is undoubtedly used to help bypass the SMS authentication systems used by the banks.

Although the currently active versions of this malware target Korean banks, the same setup could be used to sideload a huge variety of malware that target banks all around the world, or sideload other types of malware like premium rate SMS apps.

See Full Story on

Leave a Reply