Skip to main content

Google Play hosts PC-hopping, voice-recording Android malware

Kaspersky Lab has uncovered new Android malware lurking within a supposed ‘cleaner’ app, whose capabilities include stealing data from the victim’s phone and PC as well as eavesdropping on conversations.

The malware is transferred via the bogus app, ‘Superclean’ (above) and its equally vicious twin, ‘DroidCleaner’. Though neither can currently be found from a search in the Google Play store, Kaspersky has screenshots of its existence. As worrying as its presence in the official Android app store is the fact that it also had a strong four-and-a-half star rating - its apparent reliability creating an easy trap for users to fall into.

Once downloaded, the app can send SMS messages and gather information about the device, but the menace increases once the victim connects their smartphone to their PC as the malware transfers to Windows, uploading the entire contents of the phone’s SD card and even gaining control of the infected machine’s microphone. Therefore, as soon as sound is detected, the malware writes audio data to a file and sends the file to the master servers.

Kaspersky’s report says, “This is the first time we have seen such an extensive feature set in one mobile application,” and adds that the method of attacking a smartphone then waiting for it to connect to a PC is a “completely new attack vector.”

Fortunately, users running a modern version of Windows on their PC should be protected by the fact that AutoRun for external drives is disabled by default on the OS. Those who haven’t migrated from outdated Windows versions may not be so lucky.

The Android platform has long been criticised for not being rigorous enough in preventing dangerous apps from circulating and dispelling malware sources. Security research towards the end of 2012 reported a significant surge in malware on Google’s OS.