Android hack-tool targets Windows PCs
Source: F-Secure "USB Cleaver" is the name of a hacking tool discovered by analysts at F-Secure which doesn't go after the Android devices data – instead its designed to steal information from PCs. The tool only works though if autorun is enabled on the PC, and, in newer versions of Windows, that is disabled by default.
The Android app first downloads a 3MB ZIP file which it unpacks into a folder on the device's SD card. The files themselves are just various utilities that can grab information like Firefox, Chrome or IE passwords, the PCs
Source: F-Secure Wi-Fi password or other network information. The prospective attacker can use the app to select what information, and by extension what utilities, are configured to be run by
autorun.inf and a
go.bat batchfile in /mnt/sdcard. When the device is then plugged into a PC,
/mnt/sdcard is mounted and, if autorun is enabled, go.bat and the payload are executed. The utilities save their results in
/mnt/sdcard/usbcleaver/logs which the app user can view later by clicking "Log files" in the app.
The malware seems to be designed to assist a targeted attack by helping gather details but is mitigated by the fact that Windows 7 and later have disabled autorun and older versions of Windows may well need mobile drivers to be installed to allow the attack to work.