A Windows Trojan called DualToy has been discovered that can side load malicious apps onto Android and iOS devices via a USB connection from an infected computer.
Researchers from Palo Alto Networks said DualToy has been in existence since January 2015, and it originally was limited to installing unwanted apps and displaying mobile ads on Android devices. About six months later, the Trojan morphed and began targeting iOS devices by installing a third-party App Store in hopes of nabbing iTunes usernames and passwords.
When DualToy began to spread in January 2015, it was only capable of infecting Android devices… We observed the first sample of DualToy capable of infecting iOS devices on June 7, 2015. Later in 2016, a new variant appeared,” wrote senior malware researcher Claud Xiao in a technical description of the Trojan.