F-Secure researchers recently came across a malicious Android app that's designed to steal information from a connected Windows machine.
In the sample studied by F-Secure security response analyst Yeh, the app, named USBCleaver, directs the user to download a ZIP file from a remote server when it's first launched.
The file, which is then unzipped and saved to the device's SD card, contains a set of utilities designed to retrieve browser passwords, Wi-Fi passwords and network information when the device is connected to a Windows PC via USB.
"This isn't the first Android trojan reported this year with PC-infecting capabilities, since that 'distinction' belongs to the trojan-spy apps family we detect as Sscul (listed in our Q1 2013 Mobile Threat Report)," the researchers write. "Unlike the Sscul malware, however, which is more focused on remote eavesdropping, USBCleaver seems to be designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
To block attacks like this one, F-Secure recommends that Windows users simply disable Autorun by default.