According to the 2014 Cisco security roundup and report, last year nearly 99% of all mobile malware making its way around the net was built and distributed exclusively for the Android family of portable devices. Phones like the Galaxy S4 and the Google Nexus line of tablets topped out the list as the most targeted devices, and now a new trojan has appeared on the web which could make them even more vulnerable than before.
Dubbed “Trojan.Droidpak”, the malware is able to access unsuspecting devices through an interesting attack vector that hadn’t been encountered in the wild before now. Instead of injecting through normal routes like malicious webpages or redirects, Droidpak is able to worm its way into the Android system when an unsuspecting user connects their device to a PC running Windows at home.
While set in “debugging mode”, the attackers were able to break into the root code of any device running Android 4.1 and above, including Ice Cream Sandwich, Jelly Bean, and even the newest iteration, KitKat 4.4. The malware then installs a fake version of the Google Play store that can automatically update false programs into all apps running on your device.
Thankfully, unless you’re a banker who’s currently working in Korea, chances are you’ll be safe from this particular variant of the malware threat.
“The malicious APK [Android application package] actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions.”
To avoid the problem from popping up in your life, never connect your phone to a PC you don’t trust beforehand, and be sure that the “debugging mode” option is switched off in your settings application.