Energizer Duo USB Battery Charger Software Has Backdoor Trojan

Use Netsparker


There has been a number of interested stories lately especially related to hardware, the latest doing the rounds is this one where a seemingly innocuous USB battery charger has been installing some nasty remote control software onto users systems.

The charger at fault is the Energizer Duo USB Battery Charger, you’re only at risk if you’re a windows user and downloaded the software for the charger from the Energizer site (specfically from – www.energizer.com/usbcharger).

There’s a good breakdown and technical description at the kb.cert here – Vulnerability Note VU#154421.

A Trojan backdoor found its way into Energizer Duo USB battery charger software downloads.

Malware bundled in a charger-monitoring software download package opens up a back door on compromised Windows PCs. The contaminated file is automatically downloaded from the manfacturer’s website during the installation process, not bundled with an installation CD.

Symantec warns that a file called “Arucer.dll”, which it identifies as Trojan-Arugizer, that is installed on compromised systems is capable of all manner of mischief. This includes sending files to the remote attacker or downloading other strains of malware, as instructed via commands on a back channel controlled by hackers.

It’ll be interesting to see how the malicious .dll file got into the software bundle in the first place without any detection.

Was it a server/network hack or did it come from wherever the devices were manufactured (the header info in the .dll seems to indicate once again the source is China).

Hopefully within the next week or so we’ll hear some more news as to what actually happened, or more likely it’ll be swept under the carpet and we won’t hear a peep.

In a statement, Energizer acknowledged the problem and discontinued sale of the affected device, the Duo Charger (Model CHUSB). The battery maker has also launched an investigation into how backdoor functionality found its way into its software.

“Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer. This will eliminate the vulnerability. In addition CERT and Energizer recommend that users remove a file that may remain after the software has been removed. The file name is Arucer.dll, which can be found in the Window system32 directory.

Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software. Additional technical information can be found here.”

The compile time for the file is May 10, 2007 so that means most likely the malicious file has been packaged into the software for the past 3 years! It looks like Energizer might have some major clean-up operation to carry out.

There’s a good technical write-up by Symantec here:

Back Door Found in Energizer DUO USB Battery Charger Software

Network World has also published a follow-up article here:

The Energizer DUO Trojan: What You Need to Know

Source: The Register

Posted in: Legal Issues, Malware

, ,


Latest Posts:


testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.


3 Responses to Energizer Duo USB Battery Charger Software Has Backdoor Trojan

  1. Olly March 9, 2010 at 12:36 pm #

    Why does a USB battery charger need a piece of software anyway?

  2. Gabriel March 9, 2010 at 4:18 pm #

    So that people can hide backdoors in it, Olly, of course.

  3. Deborah S March 10, 2010 at 8:13 am #

    This is making me even more nervous about running on Vista (came with the PC), that won’t let me run ZoneAlarm 4.5 on it. ZoneAlarm makes software ask for permission to access the internet, so you know right away if you’ve got malware that’s trying to. And I just don’t like all the goop they glommed onto later versions of ZoneAlarm. It’s totally unnecessary, eats up resources, and I can’t remember all the other things I didn’t like about versions after 4.5. Plus, Vista’s got so many processes and services running you can’t easily see if something is running that shouldn’t be.

    Oh well, XP with ZA 4.5, here I come!