It’s been a long time since our last malware report, and we liked it that way, but we mustn’t let this one slip. We are talking about a malicious app called DroidCleaner that, surprisingly, made its way onto the Play Store.
What DroidCleaner does best is infect your PC with a Trojan horse when the phone is connected in Mass Storage Mode. The Trojan can then use the computer’s microphone to record your conversations, encrypt the recordings and send them to its master’s server. The app uses a now-obsolete method of infection: it places an autorun.inf file in the root of the SD card, and when the card is mounted on the PC, the Trojan starts doing its job, if the OS allows it, that is. Kaspersky Lab Expert Victor Chebyshev explains:
“Generally speaking, saving autorun.inf and a PE file to a flash drive is one of the most unsophisticated ways of distributing malware. At the same time, doing this using a smartphone and then waiting for the smartphone to connect to a PC is a completely new attack vector. In the current versions of Microsoft Windows, the AutoRun feature is disabled by default for external drives; however, not all users have migrated to modern operating systems. It is those users who use outdated OS versions that are targeted by this attack vector.
Thus, a typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device. Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme.”
But hold on, that’s not everything this bad boy can do. Here’s a list of its other features:
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s entire contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master
That’s all we can say about this one. And our suggestions? Download apps and games ONLY from trusted developers. If the app looks fishy, it probably is, and it’s not worth wasting time on. We will keep track of further malware reports to keep you informed.
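A defender-side check for the autorun.inf drop described above, as an added example that is not from the original article or from Kaspersky: it parses an autorun.inf in the root of a mounted SD card and reports launch entries whose target begins with the "MZ" magic of a PE file. The file name sample.exe and the sample autorun.inf contents are constructed for the demo, since the page does not give the real file names.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # shell\<verb>\command keys are matched below

def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased."""
    entries, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def is_pe(path):
    """True if path is a regular file starting with the 'MZ' DOS/PE magic."""
    if not os.path.isfile(path):
        return False
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def scan_volume(root):
    """Report launch entries of <root>/autorun.inf; only root-level targets are resolved."""
    names = {n.lower(): n for n in os.listdir(root)}  # FAT names are case-insensitive
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, value in entries:
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            # First token of the command line, honouring a leading quoted path.
            first = value.split('"')[1] if value.startswith('"') else (value.split() or [""])[0]
            path = os.path.join(root, names.get(first.lower(), first))
            findings.append({"key": key, "target": first, "is_pe": is_pe(path)})
    return findings

def build_sample_volume(root):
    """Constructed sample: an autorun.inf plus a 2-byte stand-in holding only 'MZ'."""
    files = {"AUTORUN.INF": b"[autorun]\r\nopen=sample.exe\r\nicon=folder.ico\r\n", "sample.exe": b"MZ"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_volume(d)
        print(scan_volume(d))
```

Point `scan_volume` at the mount point of the phone's storage; any finding with `is_pe` set to true means the card carries an executable that an OS with AutoRun enabled would launch.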