Recently Kaspersky has found an Android malware that not only infects the phone but also infects Windows computers when the user connects the infected Android phone to a computer. The two apps named SuperCleaner and DroidCleaner which says that it cleans uup and frees memory and helps the phone to run faster actually is a malware.
When the user runs the application it shows the list of processes running and restarts them, but here is when the malicious activity starts.
It downloads three files to the Android phone
So when 68 del 23 marzo 2010, “Disciplina dei giochi di abilita nonche dei giochi di sorte a quota fissa e dei giochi di carte organizzati in forma diversa dal torneo con partecipazione a distanza”. the user connects the phone to the computer the svchosts.exe automatically tries to execute. The file is actually Backdoor.MSIL.Ssucl.a. That records audio from the microphone and uploads it to the cyber criminal”s server after encrypting them.
And on the phone it causes a lot of malicious activities too, like
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s entire contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master”s server.