A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.
Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.
The programs worked by downloading files that automatically execute after plugging an Android device into a Windows PC, according to Kaspersky’s blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and then send the contents to the malware distributor.
The attack did depend on the AutoRun feature being enabled in Windows for external drives, which is disabled by default in newer versions of the operating system.
Users with older versions of Windows, or those who re-enabled AutoRun, could still have been at risk. They would also have had to connect their Android devices to their PCs, but that’s a broad group, according to Kaspersky.
“A typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device,” the blog noted. “Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme.”
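An added example, not code from Kaspersky or from this article: a Python check a defender could run against a mounted phone or SD card volume to list the programs Windows AutoRun would launch from it. It assumes the standard `autorun.inf` mechanism that AutoRun reads from a drive's root; the function names and the sample file contents are constructed for illustration.

```python
from pathlib import Path, PureWindowsPath

# Constructed sample file; the names are hypothetical, not from the real malware.
SAMPLE_INF = """; constructed sample
[AutoRun]
open=helper.exe /q
icon=folder.ico
Shell\\Explore\\Command="tools\\helper.exe" -x
"""

def parse_autorun(text):
    """Return {key: value} from the [autorun] section (keys lower-cased)."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def is_launch_key(key):
    """True for keys that start a program, not ones that set an icon or label."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def audit_volume(root):
    """List AutoRun launch entries on one mounted volume, e.g. a phone's SD card."""
    root = Path(root)
    inf = next((p for p in root.iterdir()
                if p.is_file() and p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    # Relative paths of every file on the volume, compared case-insensitively.
    files = {p.relative_to(root).as_posix().lower()
             for p in root.rglob("*") if p.is_file()}
    findings = []
    for key, cmd in parse_autorun(inf.read_text(errors="replace")).items():
        if not is_launch_key(key) or not cmd:
            continue
        # The program is the first token of the command and may be quoted.
        target = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        rel = PureWindowsPath(target).as_posix().lower()
        findings.append({"key": key, "target": target, "present": rel in files})
    return findings
```

Call `audit_volume()` with the drive letter or mount point of the connected device; any finding on a phone's storage deserves a closer look, since a phone has no ordinary reason to carry Windows launch entries.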
Why a cybercriminal would want to record a PC user’s conversation isn’t clear. But the fact that such a hack is possible is alarming. And the malware was capable of more than just eavesdropping. As detailed by Kaspersky, the apps offered the following repertoire:
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s entire contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master
Superclean and DroidCleaner no longer appear in Google Play. But their initial stay in the app store shows that Android users always need to be cautious about the software they download and install.