Malware – whether we’re talking trojans, viruses, worms, or the old logic bomb – tends to be very platform-specific. By its nature, that makes a lot of sense; the exploits that allow malware to plant its roots in a system are themselves often intimately tied to the OS, and the need for this code to run and spread virtually unassisted means it can’t get too bogged down by planning to infect every possible system it comes across – it needs to do one thing, and do it well. So smartphone malware, by and large, tends to stay just on smartphones. Last year, though, there was at least one innovative piece of nasty code that attempted to spread its infection from an Android phone to your PC, and today we learn about one that works the other way, leveraging a compromised PC to subsequently infect your phone.
The malware, dubbed Trojan.Droidpak, first infects a Windows PC, at which point it downloads ADB – Android Debug Bridge, the same dev tool a lot of us use ourselves to interact with our phones – and attempts to install a data-stealing fake Play Store on any phone connected to the infected PC.
Avoiding its wrath is simple enough (just don’t enable USB debugging on your phone unless you actually intend to do some debugging), and the payload itself is largely focused on hacking South Korean bank accounts. Still, we’re less interested in Trojan.Droidpak for the specific threat it poses than for how it represents a new way for malware to get to our phones. Avoiding sketchy sideloaded apps just won’t cut it anymore.
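One way a defender could spot the PC-side behaviour described above, as an added example that is not from the original article or from any vendor's analysis: it scans process-creation events for an `adb.exe` that runs an install from outside the usual SDK directory. The event field names, the expected directories and the sample events are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Assumption: where a developer's own adb normally lives; tune per environment.
EXPECTED_ADB_DIRS = ("\\android\\sdk\\platform-tools", "\\android-sdk\\platform-tools")
INSTALL_VERBS = {"install", "install-multiple"}
OPTS_WITH_VALUE = {"-s", "-t", "-H", "-P", "-L"}  # adb global options that take a value


def adb_subcommand(command_line):
    """Return (subcommand, remaining args), skipping adb's global options."""
    tokens = [t.strip('"') for t in shlex.split(command_line, posix=False)]
    args = tokens[1:]  # drop the executable itself
    i = 0
    while i < len(args):
        if args[i] in OPTS_WITH_VALUE:
            i += 2  # skip the option and its value (e.g. -s SERIAL)
        elif args[i].startswith("-"):
            i += 1
        else:
            return args[i], args[i + 1:]
    return None, []


def suspicious_adb_installs(events):
    """Flag adb installs launched from a binary outside the expected SDK dirs."""
    findings = []
    for ev in events:
        image = ev["image"]
        if ntpath.basename(image).lower() != "adb.exe":
            continue
        verb, rest = adb_subcommand(ev["command_line"])
        if verb not in INSTALL_VERBS:
            continue
        if ntpath.dirname(image).lower().endswith(EXPECTED_ADB_DIRS):
            continue  # a developer's normal SDK copy of adb
        apks = [a for a in rest if a.lower().endswith(".apk")]
        findings.append({"image": image, "parent": ev["parent_image"], "apks": apks})
    return findings


# Constructed sample events (not taken from any real infection).
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"image": r"C:\Users\dev\AppData\Local\Android\Sdk\platform-tools\adb.exe",
     "command_line": "adb.exe -s emulator-5554 install app-debug.apk",
     "parent_image": r"C:\Program Files\Android\Android Studio\bin\studio64.exe"},
    {"image": TEMP + r"\adb.exe",
     "command_line": '"' + TEMP + r'\adb.exe" install ' + TEMP + r"\sample.apk",
     "parent_image": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"image": TEMP + r"\adb.exe", "command_line": "adb.exe -d shell pm list packages",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
]
```

Only the second event is flagged: the first is a normal SDK install, and the third runs adb from a temp directory but never installs anything.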