Is the software that accompanies a USB battery charger harboring malware? It just might be, according to U.S. CERT, which issued a warning that the software that supports the Energizer DUO charger contains a Trojan that makes PCs susceptible to hackers’ exploits.
eSecurity Planet offers the details on the Energizer DUO Trojan warning, and reports on what Energizer is doing to address the threat.
The United States Computer Emergency Readiness Team (CERT) is warning consumers that downloadable software commonly used with the Energizer DUO USB battery charger contains a Trojan that hackers can exploit to commandeer Windows-based PCs.
The installer for the Energizer DUO software, which lets users view the battery’s charging status, places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory. According to the CERT advisory posted Friday, the Arucer.dll file is a backdoor that can be used remotely for unauthorized access to the user’s PC.
CERT officials said this backdoor vulnerability makes it possible for hackers to list directories, send and receive files, and execute programs.
“The backdoor operates with the privileges of the logged-on user,” CERT said in the warning.