PSA: Backdoored battery chargers

[unixronin]

Ever bought an Energizer Duo USB battery charger?  Ever used it on a Windows PC?  It may have trojanned your PC.

"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday.  "Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp.  Its capabilities include the ability to list directories, send and receive files, and execute programs."

Energizer reportedly has no idea how or when the trojan got into their software, but it may have been there ever since the Duo was launched three years ago.

Comments

[masgramondou.livejournal.com]

Yet anopther reason why its good to be running Linux methinks

[mrakg.livejournal.com]

But why does a battery charger NEED to have PC software in the first place?

[unixronin.livejournal.com]

Personally, a USB battery charger sounds like a bad idea to me even before we get into questions about software. (I presume the software does something like let you monitor charge progress on your desktop.) But I suppose it's less useless than a lot of the other USB-powered novelty crap on the market.