Windows malware that can infect an Android mobile is real, but requires USB debugging to be enabled.
Research by Symantec found that a Trojan named Trojan.Droidpak drops a malicious DLL that downloads a configuration file from a remote server which parses a configuration file in order to download a malicious APK to the compromised device, as well as download necessary tools such as Android Debug Bridge (ADB). The ADB is a legitimate tool and part of the official Android software development kit (SDK).
However successful installation requires the USB debugging Mode to be enabled on the Android device. Once installed, the malicious APK looks for Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions.
According to Hacker News, such Windows malware is first of its own kind, since attackers prefer to use the social engineering techniques to spread their fake malicious apps hosted on third-party app stores.
In an email to IT Security Guru, a spokesperson for Pen Test Partners said that this seemed genuine, but it relied on having the USB debugging mode enabled on your phone, which it strongly recommended against.
“It will also get harder if the user is using the Jelly Bean 4.3 or Kit Kat 4.4 versions of Android as these have an authorisation step for USB debugging. The other thing is that it looks like the app will need some permissions to work, and the command being used will bring up a window asking whether the phone user accepts these permissions,” they said.
