Underground Android Tool To Target PC Data

Underground malware pushers have created an Android app that can be used to steal data from PCs, whose highly-targeted nature has surprised researchers.

The tool was discovered on a Chinese language hacker forum and affects Android and Windows users. It installs an app named USBCleaver, which, upon launch, directs victims to download a ZIP file from a remote server.

Android the target

Additional files are saved on to the user’s system, which direct the Android device to extract data from a Windows machine when connected via USB. That data includes browser passwords, affecting the three most popular browsers: Firefox, Chrome and Internet Explorer.

The PC's Wi-Fi password and the PC's network information are also siphoned off, F-Secure said. The company noted the malware's uniqueness lay in its targeted nature.

“USBCleaver seems to be designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt,” F-Secure said in a blog post.

“To run the utilities, the sample creates an autorun.inf and go.bat file at /mnt/sdcard. When the device is connected to a Windows computer, the autorun script gets triggered, which then silently runs the go.bat file in the background, which in turn runs the specified files from the usbcleaver/system folder.

“The collected details are stored on the device at /mnt/sdcard/usbcleaver/logs. The app’s user can click on the ‘Log Files’ button to view the information retrieved from the PC.”

F-Secure advised users to disable autorun by default, as this should prevent the threat working.
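A defender-side check for the artifacts F-Secure describes, as an added example that is not from F-Secure or the original article: it parses an autorun.inf at the root of a mounted volume, reports what that file would launch, and looks for the go.bat and usbcleaver names quoted above. The function names, severity labels and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# [autorun] keys that make Windows launch a program from the volume.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1"}

def parse_autorun(text):
    """Return (key, command) launch entries from the [autorun] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                found.append((key.lower(), value))
    return found

def scan_volume(root):
    """Return findings for a mounted removable volume rooted at `root`."""
    entries = {e.name.lower(): e for e in Path(root).iterdir()}
    findings = []
    inf = entries.get("autorun.inf")  # Windows file names ignore case
    if inf is not None and inf.is_file():
        for key, cmd in parse_autorun(inf.read_text(errors="replace")):
            target = (cmd.strip('"').split() or [""])[0].replace("\\", "/")
            level = "HIGH" if Path(target).suffix.lower() in SCRIPT_EXT else "WARN"
            findings.append(f"{level}: autorun.inf {key} -> {cmd}")
    # Names the article reports for this sample, at the storage root.
    for name in ("go.bat", "usbcleaver"):
        if name in entries:
            findings.append(f"HIGH: {name} present at volume root")
    return findings

def demo():
    """Scan a constructed sample volume built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text("[AutoRun]\n; constructed\nopen=go.bat\n")
        (root / "go.bat").write_text("rem constructed placeholder\n")
        (root / "usbcleaver").mkdir()
        return scan_volume(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Pointing `scan_volume` at the mount point of a phone's storage or a USB stick lists every launch entry, so a legitimate installer entry shows up as WARN while a script target is raised to HIGH.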

Android malware continues to be the scourge of the mobile world. Juniper Networks recently claimed Android was the target for 92 percent of all known mobile malware.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
