The recently updated DualToy Windows Trojan can install itself on Android and iOS devices connected via a USB connection.
DualToy Is the Latest Trojan That Affects Both Android and iOS Devices
DualToy is not a new thing, the first version of the Trojan appeared in January 2015, and it only infected Android devices. A newer version was identified that can compromise iOS targets as well. A recent spike in infections was detected by security researchers indicating that there are 8000 active samples on the Web.
The Trojan is written in the C++ and Delphi programming languages, and its behaviour follows an encoded pattern. Upon intrusion the software downloads and installs the Android Debug Bridge (ADB) and the iTunes drivers. The two utilities are used by DualToy to interact with any connected Android or iOS device.
The Trojan assumes that all connected phones and tablets are the property of the computer’s owner. The malware uses the pairing and authorization records stored on the computer to authenticate to the connected device. After access is confirmed DualToy contacts the remote C&C servers and installs applications according to a predefined list.
The programmers have included special code that roots the devices and gives the Trojan the ability to install applications without use confirmation in the background.
Infected iOS devices are also harvested for their IMEI, IMSI, ICCID, serial number and phone number, currently for unknown reasons. DualToy also collects the user’s Apple ID and stored password which are forwarded in an encrypted form to the malicious servers.
The sideloaded applications show ads that generate profit for the operators of the malware. The Trojan, however, has an advanced feature that is implemented – if the user does not connect a smart device to the computer, browser settings modifications are entered that inject ads.
DualToy is an example of a cyber threat where the main reasons for infection are generating money through advertising. It can cause potential damage, but the target is not the computer user’s files. DualToy mainly targets China, the United States, UK, Thailand, Spain, and Ireland.
