Energizer Battery Charger Has Hidden Trojan

Tuesday we reported that a Panda Security employee discovered three malware programs on his new HTC Magic phone. However there was also another malware-related report on Tuesday as well, provided by the United States Computer Emergency Readiness Team. (US-CERT). Like the HTC phone, malware was discovered in association with a new, trusted device.

According to the official report, the team discovered a trojan residing in software packaged with the Energizer DUO USB Battery Charger. Although the installer places a legitimate file into the application's directory, it also places Arucer.dll into the Windows system32 directory. The latter file has been classified as a backdoor trojan that allows unauthorized remote system access.

For users of Windows XP SP2 or later, the system's built-in firewall will prompt the user about the Energizer USB Charger software accessing the Internet. Naturally, unsuspecting consumers unblock the request, thus accepting connections on TCP port 7777 and leaving the PC open for hackers. "An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs," the report reads. "The backdoor operates with the privileges of the logged-on user."

The US-CERT said that users can simply uninstall the Energizer USB Charger software, however the Arucer.dll file will still remain in the Windows system32 directory until it is manually removed. But by uninstalling the software, users are removing the registry value that causes the backdoor to execute automatically when Windows starts, thus leaving Arucer.dll inactive.

Consumers wanting to run the software provided by Energizer could alternatively block access to TCP port 7777 in their firewall settings. For more information, head here.

Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then, he’s loved all things PC-related and cool gadgets ranging from the New Nintendo 3DS to Android tablets. He is currently a contributor at Digital Trends, writing about everything from computers to how-to content on Windows and Macs to reviews of the latest laptops from HP, Dell, Lenovo, and more. 

  • Shadow703793
    Wow... next thing we know Canon/Sony,etc cameras will come with pre-loaded with malware.
  • milktea
    I have never seen a charger which comes with software. Has battery chargers gotten so complicated that it needs to run a software in your PC to charge something?
  • jrharbort
    Someone at energizer looks like they wont be going on. =P

    How something like this slips through the cracks with hundreds of thousands of units produced is crazy, and downright unresponsible.
  • brendano257
    That's pretty insane, intentional or accidental, this type of thing should not be overlooked. I would like to see what their little Bunny has to say about this...
  • WheelsOfConfusion
    Shadow703793Wow... next thing we know Canon/Sony,etc cameras will come with pre-loaded with malware.Sony BMG CDs from 2005 already have a good chance of that.
  • cscott_it
    Something odd, this news came out before the phone news did.

    Either way, I know what I'm buying my roomate as a suprise gift.
  • Regulas
    First off, where is this thing manufactured. My first guess is China. Second why would you want to charge AAA batteries in a USB connection, what's wrong with the wall socket?
  • hairystuff
    This is nothing new, I've had Kingston branded CF cards come with preloaded malware about 5 years ago from ebuyer.com, the packages were blister pack sealed, so I'm guessing it must have come from the factory like that, as a rule any storage based products I buy now get wiped before I use them.
  • Hupiscratch
  • joebob2000
    This is *not* a manufacturing glitch. This software is actually not shipped with the charger, it is made available on the Energizer web site for use if you want to know the charge percentage and estimated time to completion. The fact that Energizer published this software for so long (a few years) and no one ever noticed is a testament to the lax attitude many vendors adopt. Also, for what it's worth, the 'trojan' is really just a passive backdoor; if you have a hardware/software firewall and *dont* specifically open that port, it is harmless (aside from cpu usage and being generally creepy). There is no phone-home routine and no other malicious activity.