Android Malware Moves From Phone to PC, Listens in on You With Your Own Microphone
The cyber-security wonks at Kaspersky have raised the alarm on a piece of malware for Android phones. The real target of the virus, though, isn’t the phone — it’s the computer users will plug it into. The malware, which was available until recently in the Google Play store, masquerades as simple Android phone clean up apps going by the (slightly ironic) names SuperClean and DroidCleaner. Once the apps made it onto a computer, though, they doesn’t clean up so much as clean house, copying sensitive data like photos and contact information to remote servers. That’s not unnerving enough for you? Don’t worry — to turn the creep factor up to 11, the malware is also capable of turning on PC microphones to listen in on users and relay along those recordings to its shadowy overlords.
The worst the malware did on phones seemed to be nothing, downloading a virus known as Backdoor.MSIL.Ssucl.a which sits dormant until the infected phone is connected to a PC. For Backdoor, that’s where the real fun begins, stealing your photos and information sending them off to servers in far away lands. While Google has 86ed the software from its official store, a quick search found that both apps remained available through different app stores.
If there’s a sliver lining to this tale of woe, it’s that the malware needed a pretty glaring vulnerability to infect a PC, as it takes advantage of Windows AutoRun feature, which was patched for in 2011. Thus, if you’ve properly updated your Windows OS in the last two years or so, you’re probably safe.
And if you haven’t, maybe this story will make for a gentle reminder that keeping your computer reasonably up-to-date can help you to avoid all sorts of embarrassing incidents, like someone else hijacking your computer to make a surreptitious recording of you singing along to show tunes in the privacy of your own home.