Tweaked Android Trojan Gains User Privileges and Pilfers Files, Chrome’s Database
A banking Trojan called Tordow that targets Android phones has been equipped with an exploit that lets the malware acquire root privileges. A Trojan of this kind is wholly unprecedented. Tordow was detected in February 2016, and since then it has apparently been tweaked to evolve into its latest form.
According to Anton Kivva, malware analyst at Kaspersky Lab, the majority of the applications that spread Tordow are exact copies of widely used Android applications. These are Pokemon Go, DrugVokrug, VKontakte, Subway Surf, Odnoklassniki and Telegram.
Miscreants download these applications, extract the code, insert their own malicious code, repackage them and upload the resulting copycat apps to third-party application stores. When these applications are downloaded onto end-users' devices, the malicious code is triggered, but only once, when the app is launched for the first time.
Tordow's activities include, among others, pilfering credentials from the web browsers that the infected devices run (the default Android browser or Google's Chrome), and spying on phone calls and SMS messages. The ability to record browser details enables crooks to garner victims' bank account details, including cookies, passwords and other log-ins, provided they are kept inside the web browser. Threatpost.com reported this on September 20, 2016.
To pilfer data from Chrome on Android and from Android's stock browser, Tordow targets a local file. Along with the phone owner's browsing history, the data contains the passwords that he uses.
The situation worsens because attackers who gain superuser privileges become capable of pilfering any file, including documents, photos and files holding more information about the infected phone. With the Tordow Trojan, attackers can also restart the device, install and remove applications, steal contacts and make calls.
Kivva says that of late there has been a trend of more and more malware looking to gain root access. Coincidentally, the first banking Trojan for mobile phones doing just that has been spotted during this time. It is therefore extremely important that people safeguard their Android phones from threats of this kind, since it is nearly impossible to erase the malicious program once it acquires root access.
» SPAMfighter News - 9/26/2016