A brand new windows malware has been found which uses PCs and windows operating system to try to infect an Android device as it is plugged into the PC. Researchers at Symantec say this is a turn around, as malware has been seen before which attempts to infect windows machines from an Android device, but not the other way around.
This new malware, named Trojan.Droidpak by Symantec, drops a DLL file on the Windows computer and registers a new system service to ensure its persistence across reboots. It then downloads a configuration file from a remote server that contains the location of a malicious APK (Android application package) – a file called AV-cdk.apk.
The malicious APK distributed by this Windows malware is detected by Symantec as Android.Fakebank.B and masquerades as the official Google Play application. Once installed on a device, it uses the name “Google App Store” and the same icon as the legitimate Google Play app.