Friday 24 January 2014

Is your phone here? Then own that too

So an interesting post has been made by Symantec regarding a piece of Windows malware. Nothing unusual in that, except it has a quick poke at ADB

http://www.symantec.com/connect/blogs/windows-malware-attempts-infect-android-devices

ADB (the Android Debug Bridge) is used mainly by Android application developers to unlock extra features on their Android phone and allows them to more easily sideload and monitor applications.

Enabling this feature is not trivial. On a modern phone you need to display the initially hidden settings menu, select to enable ADB, accept the warning, plug in the phone via USB, accept the PC's RSA certificate, install adb on the PC and finally run adb from the command line.

This surely represents a very small group of people. But the malware takes a poke anyway...



According to Symantec, it installs adb and then tries to run "adb.exe install AV-cdk.apk", a malicious app designed to attack Korean bank users. It would require the user to have their Android phone with ADB enabled, plugged in to the PC via USB. This raises a number of interesting options:
 1. If the malware is doing other things, then this is perhaps just a stab in the dark that might affect 1 in a million.
 2. The malware is targeting a very niche group of people: developers