A Trojan backdoor found its way into Energizer Duo USB battery charger software downloads.
Malware bundled in a charger-monitoring software download package opens up a back door on compromised Windows PCs. The contaminated file is automatically downloaded from the manfacturer's website during the installation process, not bundled with an installation CD.
Symantec warns that a file called “Arucer.dll”, which it identifies as Trojan-Arugizer, that is installed on compromised systems is capable of all manner of mischief. This includes sending files to the remote attacker or downloading other strains of malware, as instructed via commands on a back channel controlled by hackers.
It's unclear how long the potentially malicious file has been offered up for public download or how many have been infected, as a write-up on the threat by Symantec explains.
In a statement, Energizer acknowledged the problem and discontinued sale of the affected device, the Duo Charger (Model CHUSB). The battery maker has also launched an investigation into how backdoor functionality found its way into its software.
News 1 year ago
