Using a file-sharing service backed by Google seems like a safe bet, right? Maybe not.
Xunlei is a BitTorrent service used mainly in China. Google has invested in it, and according to ESET it is the most-used torrent client in the world, with over 100 million different users. The service has been spreading malware to Windows and Android users.
The malware, named “Win32/Kankan”, downloads to the user’s machine via Xunlei and is signed with a Xunlei security certificate. It registers a Microsoft Office plugin in the Windows Registry, so the plugin loads every time MS Office is run. Kankan also connects to a remote server and checks for program updates.
The weirdest part of the malware is that it installs programs onto rooted Android phones that are connected to the computer via USB. Four legitimate-looking programs are installed on the phone: three Android markets and one program that offers low-rate phone calls. The reason behind this is still unclear.
ESET reports that Xunlei discovered that some of their employees “used company resources to create and distribute this program”. The company has released a Kankan uninstaller.
Image by we’dhos gibas, licensed under Creative Commons Attribution 2.0 Generic (CC BY 2.0)