Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Android Hack-Tool Steals PC Info

  • 01-07-2013 06:16PM
    #1
    900913
    Registered Users, Registered Users 2 Posts: 367 ✭✭


    USB CLEAVER

    Over the weekend, Yeh, one of our Security Response Analysts, came across some interesting analysis on a Chinese language forum about an Android app that basically turns a mobile device into a hack-tool capable of stealing information from a connected Windows machine.

    He managed to find a sample (MD5:283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample (detected as Hack-Tool:Android/UsbCleaver.A) installs an app named USBCleaver on the device:


    Link:http://www.f-secure.com/weblog/archives/00002573.html
    Tagged:


Comments

  • #2
    hooplah
    Registered Users, Registered Users 2 Posts: 571 ✭✭✭hooplah


    I work in a public office with underfunded hardware. If the public printers had trouble we occasionally used to print for customers. One tried to hack the machine we did this from with something similiar. [which unfortunatelly means we can't print for anyone else anymore]

    IIRC the anti-virus caught everything.

    I looked into it out of curiosity afterwards and think the culprit probaly used something like USB switchblade. (http://forums.hak5.org/index.php?/forum/20-usb-hacks/)

    Browsing around afterwards I found USB Cleaver. it looks like a 'usb switchblade for android' type of thing. Like the piece you posted to states its old tech and disabling autorun would probably stop everything, I'd say an up to date anti-virus would also spot the threat.

    You can find more about USB cleaver here: http://forum.xda-developers.com/showthread.php?t=1656497 The developer seems to have stopped updating it.

    Just a related question. if you wanted to learn more about how these things work without risking damaging your own pc would virtual machine with usb passthrough be safe or would that risk ****ing up your own computer also?


  • #3
    900913
    Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    the anti-virus caught everything.

    It's possible to alter the hack tools so that the AV won't detect them.

    Here's an example with netcat.exe where I conveted the .exe to a .bat file (I used exe2bat.exe) but it's essentially the same app and works the same, except that the AV doesn't detect it.


    NC.exe
    Detection rate: 2 on 14 (14%)
    Status: INFECTED
    http://vscan.novirusthanks.org/analysis/10cfbcb1bf0e8a8ab060b22d49777153/bmMtZXhl/


    NC_Copy.bat
    Detection rate: 0 on 14 (0%)
    Status: CLEAN
    http://vscan.novirusthanks.org/analysis/0e69235a5a5c35d6d7c87b32d4b9037f/bmMtY29weS1iYXQ=/


  • #4
    hooplah
    Registered Users, Registered Users 2 Posts: 571 ✭✭✭hooplah


    oh that's interesting, thanks


Advertisement