Android malware uses your PC's own mic to record you

Two apps discovered on Google Play by Kaspersky were set up to record their victims by tapping into the Windows microphone software.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.

Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.

The programs worked by downloading files that execute automatically when the Android device is plugged into a Windows PC, according to Kaspersky's blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and then send the contents to the malware distributor.

The attack did depend on the AutoRun feature being enabled in Windows for external drives, which is disabled by default in newer versions of the operating system.

Users with older versions of Windows, or those who re-enabled AutoRun, could have been at risk. People would also have had to connect their Android devices to their PCs, but that's a broad group, according to Kaspersky.
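A defensive check for the AutoRun dependency described above, as an added example that is not from the article or from Kaspersky: it looks in the root of a mounted device's storage for an `autorun.inf`, the file Windows AutoRun reads, and lists the entries that would start a program. The function names and the sample file contents are constructed for illustration, and the file is assumed to be readable as UTF-8.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_launch_entries(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu action that runs a program
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value))
    return entries

def scan_volume_root(root):
    """Look for autorun.inf (any letter case) in the root of a mounted volume."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                return autorun_launch_entries(fh.read())
    return []

# Constructed sample, not taken from the apps described in the article.
SAMPLE_INF = """\
; constructed example
[AutoRun]
icon=example.ico
OPEN = example_payload.exe
shell\\explore\\command=example_payload.exe /e
[Other]
open=ignored.exe
"""

def demo():
    """Write the sample to a temporary 'volume root' and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_INF)
        return scan_volume_root(root)
```

Point `scan_volume_root` at the mount point or drive letter of the phone's storage; any returned entry is a program Windows would launch from that volume if AutoRun is enabled.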

"A typical attack victim is the owner of an inexpensive Android smartphone who connects his or her smartphone to a PC from time to time, for example, to change the music files on the device," the blog noted. "Judging by the sales statistics for Android smartphones, I would say that such people are quite numerous. For the attack to be more successful, it only lacks a broader distribution scheme."

Why a cybercriminal would want to record a PC user's conversation isn't clear. But the fact that such a hack is possible is alarming. And the malware was capable of more than just eavesdropping. As detailed by Kaspersky, the apps offered the following repertoire:

  • Sending SMS messages
  • Enabling Wi-Fi
  • Gathering information about the device
  • Opening arbitrary links in a browser
  • Uploading the SD card's entire contents
  • Uploading an arbitrary file (or folder) to the master's server
  • Uploading all SMS messages
  • Deleting all SMS messages
  • Uploading all the contacts/photos/coordinates from the device to the master

Superclean and DroidCleaner no longer appear in Google Play. But their initial stay in the app store shows that Android users always need to be cautious about the software they download and install.