Thousands of new malwares come to our virus lab daily. The target could be both Android devices and Windows computers. They’re being detected under the Android:Ssucl-X name. The malwares are being spread through false apps to free up memory of the devices and enhance their performance. They were available at Google Play as Superclean (published at January 3rd and got 4,5 stars with more than one thousand installations) or DroidCleaner, both from Smart Apps developer. Both apps were not blocked by the protection system of Google Play, although they were removed some time after that. They still could be available for download in smaller stores.
When installed, the apps ask for a group of permissions from sending SMS to enable the WiFi network, handle the owner personal data including SMS, photos, contacts, GPS coordinates and also any data or file in the SD card!
After installed in the Android device, the apps download files to the SD card (autorun.inf, folder.ico and svchosts.exe). When the device was connected to a computer as an storage mass media (USB), the file svchosts.exe could be automatically executed in the computer, spreading the infection. Once in the system, the malware could activate the microphone and store the surroundings audio, encrypt it and send it to a FTP remote server.
The infection scheme is old, but the infection migration from mobile devices to the computer could be a new headache. The better would be stay protected by avast! Free Antivirus in the computer and avast! Free Mobile Security in the Android devices.
Some technical info about these malwares:
SHA-1: 183d694cc6b1565fce318531b56a6e9ce9f79149 – MD5: 89d71ec272778910941d2cd28a4cf776
SHA-1: 2853d37fbc729cd43ab7d12b5899edda9e59693e – MD5: f5546f1d7e5cd2b43cb81197d85ac0d3
SHA-1: 30e0b93c36afca1da5db5e11ba0b5f00a8401c7d – MD5: c293bc5cd1101b5b648b9ba92edf1994
Leave a reply