Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Cyber Security Services

New Android Threat

Created: 05 Feb 2013 • 1 comment
uuallan's picture
+1 1 Vote
Login to vote

Symantec security response has posted a write-up about a new Android threat, Android.Claco (also known as SuperClean) that poses new challenges to security teams in a world of BYOD.  You can read about the threat here:, it is a typical piece of Android Malware in that it will send contact lists, images, etc. to a command and control server. But it adds a new layer of maliciousness by downloading autorun.inf, folder.ico, and svchosts.exe to the phone.

In effect, SuperClean turns any Android phone into the equivalent of a compromised thumb drive. This means any employee who brings their Android phone into the office and plugs it into their computer to recharge could compromise their entire network. While we have seen malware that moves from PC to phone, this is the first time that we have seen malware that jumps from phone to PC. But this method is remarkably simple so I would expect to see it repeated in other malware.

The easiest was to ensure this threat does not spread from BOYDs to your network is to ensure that autorun is disabled across the network, on both PCs and Servers. You can improve security even further by restricting the USB devices that are allowed on your network to only those from an approved vendor (or vendors). Finally, encourage all employees to run security software on their mobile devices, it will protect them but it could also protect your network.

Comments 1 CommentJump to latest comment

Mick2009's picture

"Thumbs up" - just adding two related links that will be of interest to security admins.  Symantec has an enterprise-level anti-malware solution now available which can detect and help remove Android.Claco:

Illustrated Guide to Installing Symantec Mobilie Security 7.2

... and there is a method to prevent mobiles from being mounted on Windows computers defended by Symantec Endpoint Protection (SEP):

Smart phones and Application and Device Control in Symantec Endpoint Protection
Article URL 

With thanks and best regards,


Login to vote