Energizer DUO is a USB-powered battery charger introduced by Energizer back in 2007. The charger comes with software that shows the status of the recharge on your screen and, in addition, lets a backdoor trojan into your computer. US-CERT is warning people that this trojan is installed by a file called Arucer.dll and listens for commands on TCP port 7777.
When instructed, this trojan can download files to your computer, send messages, and send files from your computer. Energizer has discontinued the product and confirmed that the software does contain malicious code; however, they don’t have any idea how it got in. Users who have installed the software are advised to uninstall it immediately to minimize the damage, or simply to remove the Arucer.dll file from their Windows installation.
Energizer claims that only the Windows version of the software was compromised and that the Mac version remains safe. The company is currently working with government agencies on the investigation. As Computerworld mentions, this is not the first time hardware-related software has been compromised; earlier cases involved Seagate hard drives and Apple iPods. Symantec reports that the trojan can also alter some registry entries and that it works by sending and receiving commands in the form of CLSIDs.
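A read-only check for the two indicators named above (the Arucer.dll file and a listener on TCP port 7777), as an added example that is not from US-CERT, Energizer or Symantec. It assumes the DLL sits somewhere under the Windows directory, since the article does not give an exact path; the function names are hypothetical.

```powershell
# Added example: local triage for the indicators named in the article.
# It only reports; it does not delete or change anything.
# Assumption: Arucer.dll is somewhere under %windir% (exact path not given
# in the article), so the whole tree is searched.
$DllName = 'Arucer.dll'
$Port    = 7777

function Find-ArucerFile {
    param([string]$Root = $env:windir)
    Get-ChildItem -Path $Root -Filter $DllName -Recurse -File -Force `
                  -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
}

function Find-ArucerListener {
    # Get-NetTCPConnection requires Windows 8 / Server 2012 or later.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port `
                                      -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc   = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $loaded = $null   # stays $null when the module list cannot be read
        if ($proc) {
            try {
                # Reading Modules can fail without elevation.
                $loaded = [bool]($proc.Modules |
                    Where-Object { $_.ModuleName -ieq $DllName })
            } catch { }
        }
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            LocalPort    = $l.LocalPort
            ProcessId    = $l.OwningProcess
            ProcessName  = if ($proc) { $proc.ProcessName } else { $null }
            HasArucerDll = $loaded
        }
    }
}

$files     = @(Find-ArucerFile)
$listeners = @(Find-ArucerListener)

# Other software can legitimately listen on 7777, so a port hit alone is a
# lead to investigate; a port hit plus the DLL is the combination described.
if ($files.Count -eq 0 -and $listeners.Count -eq 0) {
    Write-Output "No $DllName under $env:windir and nothing listening on TCP $Port."
} else {
    $files     | Format-List
    $listeners | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so the module list of the listening process can be read.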