Two malicious Android applications have been discovered in Google Play application store. The names of the application are Superclean and DroidCleaner. These applications can copy your photos, SMS messages, contacts and other files and send them to a remote server on the internet.
The malicious applications Superclean and DroidCleaner tricked Smartphones users into downloading them by, claiming to be utility optimizers or cleaners. Utility optimizers or cleaners are applications which help to speed up your Smartphone.
If one of these malicious applications is downloaded and executed, it downloads the following files onto the Smartphone from a remote server:
- autorun.inf
- folder.ico
- svchosts.exe
These are files that operate on a Windows computer (PC).
Once the same infected Smartphone is connected to a PC, the auto-run feature in Windows will automatically execute the malicious file svchosts.exe on the Smartphone which will infect the PC with the malware Backdoor.MSIL.Ssucl.a.
This malware is used to record audio through a computer microphone and send the recorded audio to a remote server on the internet. This malware spies on you by recording everything that is said and sending it to the hackers who created it.
Current versions of Windows have disabled the auto-run feature but, the older or outdated versions of Windows may still have this feature enabled. These outdates versions of Windows are the ones that are most vulnerable to infection from these Smartphone applications.
The malicious Android applications Superclean and DroidCleaner can also do the following:
- Send SMS messages
- Enable Wi-Fi
- Gather information about your phone
- Open random links in a browser
- Upload your phone's SD card’s entire contents to a remote server
- Upload all SMS messages
- Delete all SMS messages
- Upload all the contacts and photos from your phone to a remote server
Both applications have been removed from the Google Play application store.