
Android Hack-Tool Steals PC Info

Over the weekend, Yeh, one of our Security Response Analysts, came across some interesting analysis on a Chinese language forum about an Android app that basically turns a mobile device into a hack-tool capable of stealing information from a connected Windows machine.

He managed to find a sample (MD5: 283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample (detected as Hack-Tool:Android/UsbCleaver.A) installs an app named USBCleaver on the device:

Android Hack-tool, USBCleaver

When the app is launched, it directs the user to download a ZIP file from a remote server:

USBCleaver, Download Payloads

It then unzips the downloaded file to the /mnt/sdcard/usbcleaver/system folder.

The files saved are essentially utilities used to retrieve specific pieces of information when the device is connected via USB to a Windows machine. Note: we detect most of the files with older detections.

The following details are grabbed from the connected PC:

  •   Browser passwords (Firefox, Chrome and IE)
  •   The PC's Wi-Fi password
  •   The PC's network information

The app gives the user the option of choosing what information they want to retrieve:

USBCleaver

To run the utilities, the sample creates an autorun.inf and go.bat file at /mnt/sdcard. When the device is connected to a Windows computer, the autorun script gets triggered, which then silently runs the go.bat file in the background, which in turn runs the specified files from the usbcleaver/system folder.

The collected details are stored on the device at /mnt/sdcard/usbcleaver/logs. The app's user can click on the "Log Files" button to view the information retrieved from the PC:

USBCleaver

This isn't the first Android trojan reported this year with PC-infecting capabilities, since that "distinction" belongs to the trojan-spy apps family we detect as Sscul (listed in our Q1 2013 Mobile Threat Report).

Unlike the Sscul malware, however, which is more focused on remote eavesdropping, USBCleaver seems to be designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt.

Fortunately, USBCleaver's Windows-infecting routine can be blocked by a simple measure that's been standard security advice for the last couple of years: disabling Autorun by default (this is already standard on Windows 7 machines). An additional mitigating factor is that most older Windows systems need to have mobile drivers manually installed in order for this attack to work.
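A defender's check for the artifacts described above, added here as an example and not taken from F-Secure's analysis: it parses an autorun.inf for the [autorun] keys that launch a program and looks for the go.bat and usbcleaver names at the root of a mounted volume. The function names and the sample volume contents are constructed for illustration, since the article does not reproduce the real files.

```python
import re
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")      # [autorun] keys that start a program
PAGE_ARTIFACTS = ("go.bat", "usbcleaver")   # names the article reports on the SD card

def launch_directives(autorun_text):
    """Return (key, command) pairs in the [autorun] section that execute something."""
    found, section = [], ""
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names are case-insensitive
        elif section == "autorun" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add a context-menu action that runs a program
            if key in LAUNCH_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
                found.append((key, value))
    return found

def audit_volume(root):
    """List findings for a mounted removable volume rooted at `root`."""
    findings = []
    entries = {p.name.lower(): p for p in Path(root).iterdir()}
    if "autorun.inf" in entries:
        text = entries["autorun.inf"].read_text(errors="replace")
        for key, cmd in launch_directives(text):
            findings.append(f"autorun.inf: {key} -> {cmd}")
    for name in PAGE_ARTIFACTS:
        if name in entries:
            findings.append(f"artifact present: {name}")
    return findings

def build_sample_volume(root):
    """Constructed sample layout; the real file contents are not given in the article."""
    root = Path(root)
    (root / "usbcleaver" / "system").mkdir(parents=True)
    (root / "go.bat").write_text("rem constructed placeholder\n")
    (root / "autorun.inf").write_text("; constructed sample\n[AutoRun]\nopen=go.bat\nicon=x.ico\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_volume(build_sample_volume(tmp)):
            print(finding)
```

Point `audit_volume` at the mount point of a phone or SD card exposed as mass storage; any launch directive in autorun.inf on such a volume deserves a look even when Autorun is disabled on the host.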


Source: F-Secure