After coming across a report on a Chinese forum, security researchers from F-Secure have managed to locate an interesting Android hack tool.

The tool in question, identified as Hack-Tool:Android/UsbCleaver.A, allows anyone to steal sensitive information from a PC by connecting an Android phone to it.

The hacker must install an application called USB Cleaver on his/her Android device. Once executed, the app downloads additional files from a remote server.

These files are actually various utilities designed to retrieve certain pieces of information from a Windows computer.

When the Android device is connected to the Windows PC, it automatically starts collecting browser passwords, the Wi-Fi password and network information.

The app allows the user to select what type of information should be harvested. The gathered information is copied into a folder from the Android device’s SD card.

Fortunately, there’s a simple way for users to protect themselves against such hack tools. That’s because the app creates an autorun.inf file that triggers the automatic gathering of information.

As long as the Autorun is disabled, the hack tool doesn’t work. It’s worth noting that Autorun is disabled by default in the more recent versions of Windows. Additionally, experts say that on older systems, mobile drivers need to be manually installed for the attack to work.