Trojan uses LiveCD for Android running on x86 platforms as bait

IT in Manufacturing

Engineering design software suppliers

Industrial software for PC suppliers

Manufacture/Management system suppliers

printer friendly version

June 2010 IT in Manufacturing

With the growing interest in testing the new Android OS on x86 platforms, cybercriminals are looking to exploit vulnerable users wanting to install the operating system on their PCs. A piece of malware is hosted by a fake webpage, imitating the original Android LiveCD one, and offering the 'hunted' software.

In essence, Google Android is a Linux kernel-based operating system for mobile phones. The statistics published on different Android-related sites and mobile advertising networks reflect its success worldwide:

* About 60 000 Android phones are sold daily and about 22 000 000 a year.

* Android Market delivers over 30 000 Android Apps.

* About 60% of Android Apps are free.

* 167 Apps have been downloaded between between 667 000 and 2,9 million times.

* The average paid Android app is priced at $3,27.

Android-powered Netbooks have recently appeared on the market, meaning that Android OS can now be installed on Netbooks and, of course, on normal PCs. A quick search on the Internet for 'Android on PC' and, here it is: a long list of sites offering the possibility to test the new OS on x86 Windows platforms.

Figure 1. Results for 'Andoid on PC' Internet search

An apparently unsuspicious link in the returned list of results, one click, and the user is redirected to a look-alike of the LiveAndroid page, which, instead of the promised OS for PCs, delivers a Trojan.

Figure 2. Trojan instead of Android OS

Identified by BitDefender as Trojan.Generic.KD.13718, this piece of malware affects only Windows platforms and contains malicious or potentially unwanted software which it drops and installs on the system. Frequently, it installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the captured system.

A closer look at the fallacious site and at the downloaded file reveals several differences, the most important of which being that the downloaded file should have an .iso image, not an .exe extension. The sites may look the same, but there are a few minor details that will set the bogus apart from the genuine one (as indicated in the screenshots below):

Figure 3. Original Live Android site vs. Fake Live Android site

In order to stay safe, BitDefender recommends you to install and update a complete antimalware software solution on your system.

Other details about this malware alert:

For more information contact: Alina Anton, senior PR and marketing coordinator, EMEA & APAC Business Unit, BitDefender, +40 212 063 470, [email protected], www.bitdefender.com

Share this article:

IT in Manufacturing

Trojan uses LiveCD for Android running on x86 platforms as bait

Further reading:

Published by Technews