Tuesday, January 28, 2014

New Windows malware infects Android devices sync'ed to the PC

Oh, goody:
Internet Igors have stitched together the first strain of Windows malware that can hop over and infect Android smartphones and tablets.

The Droidpak mobile banking trojan exploits syncing between smartphones and Windows PCs to jump from a compromised PC onto an Android device.

The Windows Trojan downloads a malicious .APK file (an Android application) onto an infected computer. The malware also downloads a command line Android Debug Bridge (ADB) tool, a utility that allows the malicious code to execute commands on Android devices connected to an infected computer.

ADB is a legitimate utility that's part of the official Android software development kit.
This is a pretty neat trick that they pulled off.  Let me emphasize once again that you do not want to bank from your phoneEver.


Spike said...

The ADB hacks are getting a bit more evil lately.

I've hard tales that the latest ones can bypass the locks on your phone and download all your data.

Perfect for law enforcement use.

Jake (formerly Riposte3) said...

I'll take the opportunity to repeat my usual advice on this topic. Whether you use electronic banking or not, you should always follow Rule 1: Have (at least) 3 separate bank accounts. One for bills, one for day-to-day expenses, and one for emergency funds. The emergency account should be sufficient to cover the higher of the two accounts, and preferably both, for at least one entire pay period, in case either one is compromised. Ideally, the emergency account should be at a different bank.

Basically, assume your account will be compromised at some point, and pre-plan accordingly.