You may be getting a charge out of hacking if you are using the Energizer DUO USB Battery Charger. This battery charger comes with software to allow Windows users to monitor the status of the batteries while they are charging. The problem is that hackers and cyber criminals can use this software as a backdoor to your computer.
The file in question is “Arucer.dll” and is created during the installation process of the USB charger software. This file is placed in Windows/System 32 and is also added to the registry. As the Arucer.dll file is added to the run key the Trojan starts each time the system reboots. Once running the Trojan listens for commands from anyone who connects. Any hacker that identifies the malware can take control of the compromised computer and perform various actions as:
- Uploading files
- Downloading files
- Executing files
- Copying directories to the remote hacker
- Send files to the remote hacker
- Modifying the system in any way
The malware opens a listener on port 7777. If that port looks familiar it should as it is the same one used by Tini. Tini.exe is a well know Trojan that has been around for ten years or so and that works as both command line server and client.
If you have the Energizer DUO USB Battery Charger have installed the software at a minimum you will want to remove it. You must also remove the Windows registry value that executes the Trojan each time Windows starts. Go to the Windows/System32 directory and delete the file “Arucer.dll.”
What is interesting about this incident is that Energizer has not stated how this malware ended up in the software and why so must time when by before this vulnerability was released and the software removed form their website.