Phil Schiller recently tweeted a link to a report that said 99% of all mobile malware is directed at Android. Usually the malware comes through the web in the form of phishing or other tactics but it usually doesn’t come from PCs. However, that’s not the case with a particular piece of malware uncovered by Symantec that installs malware onto Android devices when they are connected to Windows PCs. The malware, called Trojan.Droidpak, installs a fake version of the Google Play store when the Android device is connected to PCs in “USB debugging mode.” That mode is usually only used by developers, but is also sometimes necessary for rooting Android devices or installing alternative Android firmware.

This malware appears to be directed at online bankers in Korea, Symantec has found.

“The malicious APK [Android application package] actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions,” wrote Flora Liu, a researcher at Symantec.

That being said, the method could be replicated by other malware. To avoid this threat, Symantec recommends turning off the USB debugging mode and avoiding connecting your Android device to computers you don’t trust.