Trojan Horse by Keithwormwood

DualToy trojan hits Windows to reach iOS & Android devices

DualToy: a new trojan targets Windows computers in order to push malicious applications onto Android and iOS devices that the victim connects to the infected system over USB.

The trojan is called DualToy and was first detected in January 2015. In its original form, it could only infect Android devices.

Since then, DualToy has been updated and can also infect iOS devices. According to the security company Palo Alto Networks, the number of distinct malware samples has now reached 8,000.

DualToy is written in C++ and Delphi, and the first thing it does after infecting a computer is download and install the Android Debug Bridge (ADB) as well as the iTunes drivers for Windows.

The trojan assumes that every device connected to the computer belongs to the computer's owner. It therefore uses the corresponding authorization files it has found on the user's computer to try to bypass the authentication of the mobile device connected via a USB port.

After successfully accessing the device, DualToy contacts a C&C server, downloads a list of applications, and then installs them on the victim's device.

To avoid complications during the application installation process on Android devices, DualToy also downloads a special script from the C&C server. This script roots the device and gives DualToy the ability to install applications without the need for user interaction.
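A defender can look for the ADB activity described above in Windows process-creation telemetry. The following Python sketch is an added example, not code from the original article or from Palo Alto Networks; the allowlisted SDK directory, the allowed parent process names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Assumptions for this sketch: where a sanctioned SDK lives and which parents may launch adb.
ALLOWED_ADB_DIRS = {r"c:\android\sdk\platform-tools"}
ALLOWED_PARENTS = {"studio64.exe", "cmd.exe", "powershell.exe"}
RISKY = {"install", "install-multiple", "push", "shell", "root"}  # change or control a device
VALUE_OPTS = {"-s", "-H", "-P", "-L", "-t"}  # adb global options that take a value

def adb_subcommand(command_line):
    """Return the first adb subcommand, skipping global options such as -s SERIAL."""
    args = shlex.split(command_line, posix=False)[1:]
    i = 0
    while i < len(args):
        if args[i] in VALUE_OPTS:
            i += 2
        elif args[i].startswith("-"):
            i += 1
        else:
            return args[i].lower()
    return None

def suspicious_adb_events(events):
    """Flag device-changing adb.exe launches from an unexpected binary path or parent."""
    findings = []
    for ev in events:
        image = ev["Image"].lower()
        sub = adb_subcommand(ev["CommandLine"])
        if ntpath.basename(image) != "adb.exe" or sub not in RISKY:
            continue
        reasons = []
        if ntpath.dirname(image) not in ALLOWED_ADB_DIRS:
            reasons.append("adb outside sanctioned SDK path")
        if ntpath.basename(ev["ParentImage"]).lower() not in ALLOWED_PARENTS:
            reasons.append("unexpected parent process")
        if reasons:
            findings.append((ev["Image"], sub, reasons))
    return findings

# Constructed process-creation records (field names as in Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Android\sdk\platform-tools\adb.exe",
     "CommandLine": r"adb.exe -s emulator-5554 install app-debug.apk",
     "ParentImage": r"C:\Program Files\Android\Android Studio\bin\studio64.exe"},
    {"Image": r"C:\Users\Public\Temp\adb.exe",
     "CommandLine": r"adb.exe install C:\Users\Public\Temp\pkg.apk",
     "ParentImage": r"C:\Users\Public\Temp\updater.exe"},
]
```

Calling `suspicious_adb_events(SAMPLE_EVENTS)` flags only the second record; on machines where no Android development takes place, any `adb.exe` launch at all is worth reviewing.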

For iOS devices, the trojan downloads and runs a script that collects various device data, such as the IMEI, IMSI, ICCID, serial number, and phone number. The purpose of this operation is currently unknown.

On iOS devices, DualToy also collects your Apple ID along with your phone number user access.

All applications installed by DualToy are used to display ads that generate profits for the Trojan administrator.

"Although the ability of this attack can be further limited by additional mechanisms (e.g., by activating the ADB and iOS sandbox), DualToy reminds us again that attackers can use USB to reach mobile devices and how malware can be transmitted across different platforms," said Claud Xiao, security researcher at Palo Alto Networks.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
