Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Android Hack-Tool Steals PC Info

Options
  • 01-07-2013 7:16pm
    #1
    900913
    Registered Users Posts: 367 ✭✭


    USB CLEAVER

    Over the weekend, Yeh, one of our Security Response Analysts, came across some interesting analysis on a Chinese language forum about an Android app that basically turns a mobile device into a hack-tool capable of stealing information from a connected Windows machine.

    He managed to find a sample (MD5:283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample (detected as Hack-Tool:Android/UsbCleaver.A) installs an app named USBCleaver on the device:


    Link:http://www.f-secure.com/weblog/archives/00002573.html
    Tagged:


Comments

  • Options
    #2
    hooplah
    Registered Users Posts: 570 ✭✭✭hooplah


    I work in a public office with underfunded hardware. If the public printers had trouble we occasionally used to print for customers. One tried to hack the machine we did this from with something similiar. [which unfortunatelly means we can't print for anyone else anymore]

    IIRC the anti-virus caught everything.

    I looked into it out of curiosity afterwards and think the culprit probaly used something like USB switchblade. (http://forums.hak5.org/index.php?/forum/20-usb-hacks/)

    Browsing around afterwards I found USB Cleaver. it looks like a 'usb switchblade for android' type of thing. Like the piece you posted to states its old tech and disabling autorun would probably stop everything, I'd say an up to date anti-virus would also spot the threat.

    You can find more about USB cleaver here: http://forum.xda-developers.com/showthread.php?t=1656497 The developer seems to have stopped updating it.

    Just a related question. if you wanted to learn more about how these things work without risking damaging your own pc would virtual machine with usb passthrough be safe or would that risk ****ing up your own computer also?


  • Options
    #3
    900913
    Registered Users Posts: 367 ✭✭900913


    the anti-virus caught everything.

    It's possible to alter the hack tools so that the AV won't detect them.

    Here's an example with netcat.exe where I conveted the .exe to a .bat file (I used exe2bat.exe) but it's essentially the same app and works the same, except that the AV doesn't detect it.


    NC.exe
    Detection rate: 2 on 14 (14%)
    Status: INFECTED
    http://vscan.novirusthanks.org/analysis/10cfbcb1bf0e8a8ab060b22d49777153/bmMtZXhl/


    NC_Copy.bat
    Detection rate: 0 on 14 (0%)
    Status: CLEAN
    http://vscan.novirusthanks.org/analysis/0e69235a5a5c35d6d7c87b32d4b9037f/bmMtY29weS1iYXQ=/


  • Options
    #4
    hooplah
    Registered Users Posts: 570 ✭✭✭hooplah


    oh that's interesting, thanks


Advertisement