It is rather well-known that if you connect an infected PC to a mobile device, it can infect the device. However, there are those rare occasions when a nefarious mobile app can end up infecting a PC. So is the case with two Google Play apps recently discovered by Kaspersky Labs.
So far, Kaspersky Labs has discovered two such apps, namely ‘Superclean‘ and ‘DriodClean‘. The apps pretend as a system cleaner for Android. However, when an Android user download and installs them on his mobile device and then connects the device to his PC, these apps infect the PC with malware. Once inside the PC, the malware takes over the control of the microphone.
Google has removed the two aforementioned apps from its Google Play store. But we are sure that these apps were able to infect at least a few machines before the apps marketplace’s security alarm was triggered.
Once you download and run any of these apps, it lists all the running processes on the device and then restarts them, at the same time downloading malicious malware files. One of these files is ‘Backdoor.MSIL.Ssucl.a.’
When you connect the device to your PC, the autorun file is launched, executing the malware and turning on the microphone. It then records the audio and uploads that to the malware’s developers. Moreover, the app can also send messages, use Wi-Fi on its own, upload a file or an entire folder to the malware’s servers, delete messages and a lot more. In short, it is a tiny little cyber espionage tool that is shrouded as an Android app. Although they are no longer on the Google Play store, the example shows that similar other apps may found their way to the Android apps marketplace.
Source: Kaspersky Labs