
Android Hack-Tool Steals PC Info

Over the weekend, Yeh, one of our Security Response Analysts, came across some interesting analysis on a Chinese-language forum about an Android app that basically turns a mobile device into a hack-tool capable of stealing information from a connected Windows machine.

He managed to find a sample (MD5: 283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample (detected as Hack-Tool:Android/UsbCleaver.A) installs an app named USBCleaver on the device:

[Screenshot: Android hack-tool, USBCleaver]

When the app is launched, it directs the user to download a ZIP file from a remote server:

[Screenshot: USBCleaver, download payloads]

It then unzips the downloaded file to the /mnt/sdcard/usbcleaver/system folder.

The files saved are essentially utilities used to retrieve specific pieces of information when the device is connected via USB to a Windows machine. Note: we detect most of the files with older detections.

The following details are grabbed from the connected PC:

  •   Browser passwords (Firefox, Chrome and IE)
  •   The PC's Wi-Fi password
  •   The PC's network information

The app gives the user the option of choosing what information they want to retrieve:

[Screenshots: USBCleaver]

To run the utilities, the sample creates an autorun.inf and go.bat file at /mnt/sdcard. When the device is connected to a Windows computer, the autorun script gets triggered, which then silently runs the go.bat file in the background, which in turn runs the specified files from the usbcleaver/system folder.

The collected details are stored on the device at /mnt/sdcard/usbcleaver/logs. The app's user can click on the "Log Files" button to view the information retrieved from the PC:

[Screenshot: USBCleaver]

This isn't the first Android trojan reported this year with PC-infecting capabilities, since that "distinction" belongs to the trojan-spy apps family we detect as Sscul (listed in our Q1 2013 Mobile Threat Report).

Unlike the Sscul malware, however, which is more focused on remote eavesdropping, USBCleaver seems to be designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt.

Fortunately, USBCleaver's Windows-infecting routine can be blocked by a simple measure that's been standard security advice for the last couple of years: disabling Autorun by default (this is already standard on Windows 7 machines). An additional mitigating factor is that most older Windows systems need to have mobile drivers manually installed in order for this attack to work.
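As a defensive check for the autorun.inf and go.bat mechanism described above, the following added example (not F-Secure's code and not taken from the sample) inspects the root of a mounted removable volume and reports every command an autorun.inf would launch. The sample file contents, the function names and the extension list are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path, PureWindowsPath

LAUNCH_KEYS = {"open", "shellexecute"}          # [autorun] keys that start a program
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe", ".scr", ".com"}
# Constructed sample; not the contents of the real USBCleaver autorun.inf.
SAMPLE_INF = "[AutoRun]\n; constructed\nopen=go.bat\nshell\\open\\command=go.bat\nlabel=Phone\n"

def launch_targets(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits

def scan_volume(root):
    """Describe every launch command in an autorun.inf at the root of a mounted volume."""
    root = Path(root)
    inf = next((p for p in root.iterdir()
                if p.is_file() and p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    findings = []
    for key, command in launch_targets(inf.read_text(errors="replace")):
        if not command:
            continue
        first = command.split('"')[1] if command.startswith('"') else command.split()[0]
        rel = PureWindowsPath(first).as_posix().lstrip("/")  # drop a leading backslash
        findings.append({"key": key, "command": command,
                         "script": PureWindowsPath(first).suffix.lower() in SCRIPT_EXTS,
                         "present": (root / rel).is_file()})
    return findings

def demo():
    """Build a throwaway volume with the constructed sample and scan it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "AUTORUN.INF").write_text(SAMPLE_INF)
        Path(d, "go.bat").write_text("rem constructed placeholder\n")
        return scan_volume(d)
```

A finding with both `script` and `present` set on a phone's storage or a USB stick is worth triage before the volume is attached to a Windows host that still has Autorun enabled.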


Source: F-Secure