As much as Google tries to filter malicious content out of its Play Store, there is still a growing risk that malicious apps will sneak onto a device via the app repository. However, there are also other ways that an Android device can be compromised.
Symantec has discovered new malware called Trojan.Droidpak, which tries to infect Android devices once they are plugged into an infected PC.
The malware installs itself as a system service on a Windows PC, and then downloads a malicious APK (Android application package) file and other necessary tools.
After that, all it needs is for an Android device to be connected to the PC, and the malicious APK is installed. For this to happen, though, USB debugging must be enabled on the Android device.
Trojan.Droidpak will then present itself as a clone of the Play Store. It will appear in the app drawer with the same icon as the Play Store but bearing the name Google App Store instead of the usual Play Store.
It will then look for certain Korean online banking applications on the compromised device and, if any are found, prompt the user to delete them and install malicious versions.
The malware is also capable of intercepting text messages and forwarding them to a server that is used to bypass the SMS authentication systems usually used by banks for online transactions.
Even though this malware only targets Korean banks at the moment, it could be replicated to work with other banks across the world.
It can also be used to load other types of malware.
As scary as this malware sounds, there are obvious ways to prevent it. First of all, USB debugging should only be enabled when necessary by those who know what they’re doing with their devices.
Next, you should protect both your Windows machine and Android device with reliable antivirus software. Also, be wary of connecting your Android device to an unfamiliar PC. — Donovan Quek
Android under attack