IE 11 is not supported. For an optimal experience visit our site on another browser.

Creepy Android malware jumps from your phone to your PC

Malicious Android app
Superclean, an app with malware, has a twin called DroidCleaner. Both have now been removed from the Google Play Store.Kaspersky Lab
By Suzanne Choney

A new and frightening form of Android malware travels from the phone to a PC, where it can then open files on a computer, as well as collect information from contacts and gather photos among other invasive actions.

"We have come across PC malware that infects mobile devices before. However, in this case it's the other way round: an app that runs on a mobile device (a smartphone) is designed to infect PCs," writes Victor Chebyshev, Kaspersky Lab expert, on the company's Securelist blog.

Two Android apps, Superclean and "a twin brother," DroidCleaner, bill themselves as apps that can free up memory on phones, in turn helping them to run faster. They don't do that at all. Instead, once a user syncs his or her phone with a PC, say to update a music playlist, or for any reason, the malware is installed on the PC, and can infect workstations, Chebyshev says.

The malware, considered a bot, includes these features:

  • Sending SMS messages without your approval.
  • Enabling Wi-Fi.
  • Gathering information about the device.
  • Opening arbitrary links in a Web browser.
  • Uploading the phone's SD card’s entire contents.
  • Uploading an arbitrary file (or folder) to the server of the person or group behind the malware.
  • Uploading all SMS messages.
  • Deleting all SMS messages.
  • Uploading all the contacts/photos/coordinates from the device to the person or group behind the malware.

"This is the first time we have seen such an extensive feature set in one mobile application," Chebyshev writes.

He does say that in current versions of Microsoft Windows, "the AutoRun feature is disabled by default for external drives," including smartphones connected via USB. "However, not all users have migrated to modern operating systems. It is those users who use outdated OS versions that are targeted by this attack vector."

NBC News contacted Google about the malware, which had been available in its online Google Play Store, but isn't any longer.

"We don't comment on individual apps; we remove apps from Google Play that violate our policies," a Google spokesperson said.

Google Play is the main source of apps for Android, but there are plenty of websites out there where users can download mobile apps.

Fabio Assolini, senior security researcher at Kaspersky Lab, told NBC News via email that even though the apps are out of Google Play, "we know cybercriminals could send it again."

If a user does have either of the apps, they need to be removed manually, unless a user has anti-virus software already installed on the computer that detects the malware, he said.

And in the future, "in general, users must be aware of apps promising to speed up their Android device, as there's no miracle that software could do to speed up an old device with low memory," he said.

Check out Technology, GadgetBox, DigitalLife and InGame on Facebook, and on Twitter, follow Suzanne Choney.

Suzanne Choney