Charged Trojan
The US-CERT organization recently reported on the malicious functionality they found in Energizer (Energizer DUO USB) USB charging software.
Energizer DUO - USB charger for finger batteries. No additional software is needed to use this device, but Energizer has provided an application that displays the battery level. This program is distributed in the built-in flash memory with a charger, so every user of this charger has malware.
')
When installing the application, a Trojan module with backdoor functions gets onto the user's computer. ESET detects it as a Win32 / Arurizer.A malware. The backdoor opens port 7777 for incoming connections and can receive the following remote commands:
- Download and run executables
- Delete files
- Transfer information from the infected system
The functionality of Win32 / Arurizer.A is potentially dangerous and can be harmful only if it is used by an attacker. The program itself does not communicate remotely with any control center.
On Friday, Energizer still released an official statement , which reported on the suspension of sales of its charger. Now an investigation is being conducted in which they are trying to establish how the malicious code got into the distribution kit with the program.
How many users have infected their systems is unknown, but given the fact that Energizer products are aimed at a wide range of consumers, there may be a lot of them. Yes, and malicious software for quite a long time was available for download from the official website of Energizer. Now a copy of the page from which the malicious distribution kit is available can only be seen on the Internet Archive website.
Energizer DUO - USB charger for finger batteries. No additional software is needed to use this device, but Energizer has provided an application that displays the battery level. This program is distributed in the built-in flash memory with a charger, so every user of this charger has malware.
')
When installing the application, a Trojan module with backdoor functions gets onto the user's computer. ESET detects it as a Win32 / Arurizer.A malware. The backdoor opens port 7777 for incoming connections and can receive the following remote commands:
- Download and run executables
- Delete files
- Transfer information from the infected system
The functionality of Win32 / Arurizer.A is potentially dangerous and can be harmful only if it is used by an attacker. The program itself does not communicate remotely with any control center.
On Friday, Energizer still released an official statement , which reported on the suspension of sales of its charger. Now an investigation is being conducted in which they are trying to establish how the malicious code got into the distribution kit with the program.
How many users have infected their systems is unknown, but given the fact that Energizer products are aimed at a wide range of consumers, there may be a lot of them. Yes, and malicious software for quite a long time was available for download from the official website of Energizer. Now a copy of the page from which the malicious distribution kit is available can only be seen on the Internet Archive website.
Source: https://habr.com/ru/post/86860/
All Articles