DualToy : What is it?
DualToy is a Trojan horse which is install mobile device applications and install them on connected Android and iOS devices. It is specially created to attack your Android or iOS device once you attach it to a contaminated Windows computer. It was detected by Palo Alto Networks on January 2015. After six months the Trojan was detected , its first versions that was capable to infect only Android. After that its developer upgraded to be able to hit iOS applications. DualToy mainly targeted China-based users but Spain, Ireland, the US, the UK, and Thailand all are also targeted lately.
If an Android device or iOS is connected to the infected computer with the help of USB, DualToy starts performing various malicious activities to manipulate your PC. The Trojan steal valuable information like IMEI, IMSI, phone number, firmware, login ID, credit and debit card data. All this information sent to C&C server. After installation, it also starts showing different types of ads and alters the browser settings and injects processes.
DualToy perform the following actions
• Download iOS applications and install them on to connected iOS devices.
• Download tools for interfacing with Android and iOS devices.
• Download Android applications and install them on to connected Android devices.
Reasons Which Tends To The Penetration Of DualToy-
DualToy is capable of infecting Android devices connected with the targeted Windows PC via USB cable. Some other ways-
• Opening any junk or spam email attachment.
• Downloading any pirated software.
• Install or Download any freeware or shareware applications from unknown sources.
• Using Peer-to-Peer Sharing of files networks.
• Playing online games and watching adult movies.
• Using infected media device.
• Clicking or Visiting any suspicious links.
Vicious Properties of DualToy-
iTunes and the Android Debug Bridge (ADB) are two applications that compromise an Android and iOS devices. With the help of both applications, DualToy installs more other malicious applications. In the case of Android, the Trojan installed lots of Chinese-language games from a third-party application store. Downloads Android apps and installs them on any connected Android devices in the background, where the apps are adware or Riskware. DualToy gather your all system data like user name, version, serial Number, model number, IMEI, IMSI, phone number and firmware of the device. DualToy reminds us, how attackers can use USB side-loading against any mobile devices and how malicious threat can be spread between platforms.
The Trojan install some “.ipa” files on the Apple devices. The application will ask for an Apple ID with password and send them to a server without your consent. It comes from a third-party iOS store that is similar to ZergHelper. These application is known as Kuaiyong.Developer of DualToy is analogous to WireLurker and AceDeceiver, both are infect iOS devices. They are connected to an already compromised system. DualToy is still active and we have found over 8,000 unique samples that is belonging to this Trojan family. In addition it also modifying browser settings and displaying advertisements everywhere. Therefore, it is very important to get rid of DualToy from Android, iOS devices or PC as early as possible.
How To avoid DualToy
• You Should keep update the firewall and anti-virus software.
• Set your Internet security system to advance
• Do not visit unsafe domains.
• Avoid downloading freeware and other stuffs from any unofficial website
• Passwords of confidential and must be changed at regular intervals and always use strong and long passwords.
• Scan external media devices before using.
• You should not Visiting or clicking and suspicious sites.