Malware-Laced 'DroidCleaner' and 'SuperClean' Android Apps Found to Transfer Malware from Smartphone to PC

malware android apps spread on pcA new form of Android malware has been found to travel from a smartphone to a PC where it may automatically load to collect information and perform other invasive actions.

Smartphone malware, especially among the Android operating system, has been a growing concern lately and for good reason. Much of recent Android malware has spawned out of apps downloaded from untrusted sources on the Internet. Many of these sources are an easy portal for Android smartphone users to obtain a free app of their choice but do not realize the grave danger that potentially face, especially with a new type of Android malware that transfers from smartphone to a PC. This time, surprisingly, malware-laced apps were available through the online Google Play Store.

Kaspersky Lab expert, Victor Chebyshev, wrote on the companies blog "We have come across PC malware that infects mobile devices before. However, in this case it's the other way round: an app that runs on a mobile device (a smartphone) is designed to infect PCs."

The main culprits of this transfer of malware from a smartphone running Android OS to a PC have been found to be two Android apps, DroidCleaner and Superclean. These apps, exclusive to smartphones running Android, claim to free up memory on the smartphone to help them run faster. The two apps fail to help Android smartphones in any way as they tend to install malware on a PC when it is synced.

Examining the malware seeded out of the DroidCleaner and Superclean Android apps, it was found to be a bot that manages to send SMS messages, enable Wi-Fi, collect device data, open arbitrary links in a web browser, upload the entire smartphone's SD card contents, upload all smartphone SMS messages and download all device contacts and photos. Experts claim that this is the very first time seeing smartphone malware having such an extensive set of features and functions it carries out on an infected device.

Most times, connecting a smartphone to a PC will prompt the user to take action for syncing the device much like the Autorun feature does when media is inserted in most PCs running Windows. Though the autorun feature is disabled by default on newer operating systems, it is still an easy case where the malware can slip onto a PC once the user has initiated syncing of their unknowingly-infected smartphone. The majority of systems affected by this are those running outdated operating system versions.

This particular malware has caused an uproar among large corporations who have also taken notice to the new-found threat. NBC news even reached out to Google inquiring about the malware-laced apps, which were available through the Google Play Store online for a short period of time. A Google spokesperson commented, "We don't comment on individual apps; we remove apps from Google Play that violate our policies."

Currently, the two malware-laced Android apps are no longer available through the Google Play Store, but this may not stop cybercrooks from sending it again. What users of smartphones running Android can do in the meantime is to ensure they do not have the DroidCleaner or Superclean apps installed. If so, uninstall them immediately. Additionally, users are urged keep their antivirus or antimalware software updated.

Have you ever encountered smartphone malware? If so, how did you deal with it?

2 Comments

  • Gen Dariusz Ziętek:

    Spy hunter 5
    It is, just make on platform Linux and Android .

    Antivirus Srcurity pro it is just do it on Linux amd android.
    Will it go on android 4.2.2 jelly belly too.

  • Alan Cree:

    All of my systems are infected with CVEs EvilParcel and PendingIntent. I cannot directly download this tool or any other tools. Emails and accounts are hacked, apps have been replaced. can I remove these CVE malware entirely.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.