A Windows Trojan called DualToy has been discovered that can side load malicious apps onto Android and iOS devices via a USB connection from an infected computer. Researchers from Palo Alto Networks said DualToy has been in existence since January 2015, and it originally was limited to installing unwanted apps and displaying mobile ads on Android devices. About six months later, the Trojan morphed and began targeting iOS devices by installing a third-party App Store in hopes of nabbing iTunes usernames and passwords.
Researchers said once DualToy infects a Windows machine, it looks for the Android Debug Bridge (ADB) and iTunes, and downloads drivers for both if they’re missing in order to infect mobile devices once connected.
Submitted by: Arnfried Walbrecht