Droidpak Trojan

Symantec researchers have found what they are calling the first known example of Windows malware specifically designed to infect Android devices. This new Android banking malware leverages vulnerable PCs to install itself on Android mobile devices.

Droidpak is a trojan designed to exploit the Windows operating system and gain a foothold on the victim’s computer. After Droidpak settles in, it contacts a remote command & control server. Then the remote server sends a configuration file back to the infected Windows computer. The configuration file references a website. The infected computer tries connecting to the website. If successful, an Android malware file will begin downloading.

If Droidpak successfully installs its payload, Android.Fakebank.B, it will show up as a “Google App Store” application.

Once installed, Android.Fakebank.B looks to see if there are any mobile banking apps installed on the Android device. Symantec said the version of Android.Fakebank.B studied was specifically targeting Korean banking applications. If Android.Fakebank.B finds a familiar banking app, it attempts to make the user believe the currently installed banking app is malware that should be removed and replaced by Android.Fakebank.B. If the user agrees and loads Android.Fakebank.B, the malware is in position to steal login credentials and possibly account information when the user logs in using what is thought to be the correct banking app.

Symantec mentions that “Android.Fakebank.B also intercepts SMS messages on the compromised device.” Experts suggest turning off USB debugging on Android devices. Most people will not use USB debugging, as it is a developer tool used to side-load Android applications from a computer.

Several things have to go right before the Droidpak/Android.Fakebank.B malware combination can successfully steal banking information, but that was also the case with the first versions of banking malware targeting PCs.
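A defender-side check for the conditions described above, as an added example that is not from Symantec or the source article: it audits a device inventory for enabled USB debugging, an app labelled like the “Google App Store” that is not the real Play Store package, and sideloaded apps able to receive SMS. The inventory schema, device ids and `com.example.*` package names are constructed for illustration.

```python
import unicodedata

PLAY_STORE_PACKAGE = "com.android.vending"      # Google Play Store's package name
RECEIVE_SMS = "android.permission.RECEIVE_SMS"  # permission needed to receive SMS
# Labels treated as "store-like"; the first is the one the article reports.
STORE_LABELS = {"google app store", "google play store", "play store"}

def normalize(label):
    """Fold case, Unicode compatibility forms and whitespace before comparing labels."""
    return " ".join(unicodedata.normalize("NFKC", label).casefold().split())

def audit_device(device):
    """Return (finding, package) tuples for one inventory record."""
    findings = []
    if device.get("adb_enabled"):
        findings.append(("usb_debugging_enabled", None))
    for app in device.get("apps", []):
        pkg = app["package"]
        if pkg == PLAY_STORE_PACKAGE:
            continue  # assumption: a matching package name is the genuine store app
        sideloaded = app.get("installer") != PLAY_STORE_PACKAGE
        if normalize(app["label"]) in STORE_LABELS:
            findings.append(("store_label_impersonation", pkg))
        if sideloaded and RECEIVE_SMS in app.get("permissions", ()):
            findings.append(("sideloaded_sms_receiver", pkg))
    return findings

# Constructed sample inventory (hypothetical schema and package names).
INVENTORY = [
    {"id": "phone-1", "adb_enabled": True, "apps": [
        {"package": PLAY_STORE_PACKAGE, "label": "Google Play Store",
         "installer": None, "permissions": []},
        {"package": "com.example.store.update", "label": "Google  App Store",
         "installer": None, "permissions": [RECEIVE_SMS]},
    ]},
    {"id": "phone-2", "adb_enabled": False, "apps": [
        {"package": "com.example.bank", "label": "Example Bank",
         "installer": PLAY_STORE_PACKAGE, "permissions": [RECEIVE_SMS]},
    ]},
]

def audit_inventory(inventory):
    """Map each device id to its list of findings (empty list means clean)."""
    return {d["id"]: audit_device(d) for d in inventory}

if __name__ == "__main__":
    for device_id, findings in audit_inventory(INVENTORY).items():
        print(device_id, findings or "clean")
```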

Source: http://www.techrepublic.com/blog/it-security/droidpak-a-sneak-attack-on-android-devices-via-pc-malware/


25 thoughts on “Droidpak Trojan”

  1. So is the malicious app actually named Android.Fakebank.B? Cause that would make it really easy to detect, I’d reckon.

    • It’s a wonder that these hackers are smart enough to make these trojans and viruses but are stupid enough to name them something obvious like that.

      • It’s a Swiss bank in Japan, there’s nothing faulty about it. When I become a millionaire I’m gonna hide all my dough with them

  2. Yes, I guess it is.
    But don’t you have many apps like fake caller or fake message that people download?

    • I agree. No matter what device you have, there are vulnerabilities in which hackers can try and gain access to your information. Not exactly the trend we want.

      • I don’t really think there is a way to make something as complex as a smartphone and have zero vulnerabilities though. The focus should be on keeping them to a minimum, imo.

  3. Reading this was pretty alarming, it’s easy to think that phones are pretty secure based on their authorized libraries of apps. Now we have to look out for transfer of viruses, which is pretty scary.

  4. I don’t know if I am reading this improperly, but doesn’t this mean it’s being downloaded via the synced account on Google Play (to phone remote download via infected PC)? Wouldn’t that be fairly easy to fix? Just either A) Have a second factor of authentication for remote downloads (User must open email on phone and type in a captcha or some form of validity check)
    Or B) Just have some kind of confirmation and virus scan inside the Google Play system to prevent things like this happening?

    • Because Koreans are high rollers. Especially the North Korean populace. Our tax dollars, and our tuition are really going to give them bigger houses and clothes.

  5. I personally don’t use an Android device. But I read that this malware is transferred via USB debugging.

  6. There is malware for iPhones too, it’s just not as common. Remember just a few months ago there was a huge security flaw discovered in the iOS update.

  7. But on second thought an iPhone may be the solution, you can’t get malware on a phone that never holds a charge.

  8. iPhones are not the way to go unless you still have the AppleCare for it. All they do is break 24/7. There doesn’t need to be malware for the iPhone to break… and they hold a charge better than your phone.
