The infection mechanisms of Windows computer viruses have widened beyond the popular ones such as USB, chat and email. One of the new routes that not many of us are aware of is malicious smartphone applications. The viruses use mobile devices as a bridge to infect personal computers and then steal users’ data. They often hide in utility applications and are present even on official stores such as Google Play.
The moment a malicious application is launched on a mobile device, it immediately downloads viruses (which are then used to attack computers) from the hackers’ servers and saves them to external memory (the SD card). Because people often connect their mobile devices to personal computers to sync music or video or to install applications, they unintentionally allow the viruses to infect their computers and steal their data. The stolen data is then encrypted and sent to the hackers.
Typical examples of this attack mechanism are two Android-Windows spyware families: DroidCleaner and SuperClean. To deceive users, both are presented as free Android utility applications with smartphone cleaning and optimizing features, but as soon as they are launched, malicious files (autorun.inf, folder.ico, svchosts.exe) are downloaded from the hackers’ server claco.kicks-ass.net.
The downloaded malware is in fact a backdoor containing the NAUDIO library, which performs the eavesdropping once users’ computers are infected.
When this backdoor detects that the microphone is in use on a victim computer (for voice chat on Skype, Yahoo!, etc.), it records the conversations and saves them as files.
After encrypting these files, the backdoor sends all of them to the hackers’ server via FTP.
Furthermore, with the permissions granted at app installation, hackers can extend the data theft to the mobile device itself: sending, stealing or deleting all SMS and contacts, collecting device information and so on.
Users are advised to be careful when connecting their smartphones to computers and to equip both devices with proper antivirus software.
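One way to check a phone's storage before browsing it on a PC, as an added example that is not code from the article: the script below looks in the volume root for the three file names the article lists and reports any launch entries in autorun.inf. The sample autorun.inf contents, the extension list and the function names are constructed assumptions.

```python
import configparser
import tempfile
from pathlib import Path

# File names the article lists as downloaded to the SD card.
ARTICLE_FILES = {"autorun.inf", "folder.ico", "svchosts.exe"}
# Assumed list of directly executable extensions worth flagging in a volume root.
EXEC_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif"}

def parse_autorun(path):
    """Return the [autorun] section of an autorun.inf as a dict (keys lower-cased)."""
    raw = path.read_bytes()
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")  # autorun.inf may be ANSI or UTF-16
    text = raw.decode("utf-16" if utf16 else "latin-1")
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(text)
    for name in cp.sections():
        if name.strip().lower() == "autorun":
            return dict(cp[name])
    return {}

def scan_volume(root):
    """Return findings for the root directory of a mounted phone or SD volume."""
    names = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    findings = [f"file name listed in the article: {n}" for n in sorted(ARTICLE_FILES & set(names))]
    findings += [f"other executable in volume root: {n}" for n, p in sorted(names.items())
                 if p.suffix.lower() in EXEC_EXT and n not in ARTICLE_FILES]
    if "autorun.inf" in names:
        try:
            section = parse_autorun(names["autorun.inf"])
        except configparser.Error:
            section = {}
            findings.append("autorun.inf could not be parsed")
        for key, value in sorted(section.items()):
            # Keys that make Windows start a program from the volume.
            if key in ("open", "shellexecute") or key.startswith("shell\\"):
                findings.append(f"autorun.inf launches: {key}={value}")
    return findings

def demo():
    """Scan a temporary directory holding constructed, empty stand-in files."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "autorun.inf").write_text("[AutoRun]\nopen=svchosts.exe\nicon=folder.ico\n")
        for name in ("folder.ico", "svchosts.exe", "song.mp3"):
            (root / name).write_bytes(b"")
        return scan_volume(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Call `scan_volume` with the mount point or drive letter of the phone's storage; an empty list means none of these indicators were found in the volume root.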
Vu Dan Hoai Vu