Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Tordow Android Trojan Roots Devices and Steals Personal Credentials


Security researchers of Comodo have discovered version 2.0 of a deadly Android trojan called Tordow, which first appeared in February, 2016. Bleepingcomputer.com posted on 15th December, 2016, stating that the main feature of trojan is its ability to root Android devices, which theoretically, gives trojan the competency of carrying out the malicious operation the Trojan wants.

Particularly, Tordow is first mobile banking Trojan for operating system of Android, which pursues to gain the root privileges on the infected devices. Comodo Threat research labs reveals that a typical banking malware doesn't required root access for executing malicious activities, however hackers gain extensive range of the functionality with root access.

To wit: Tordow 2.0 can make phone calls, download as well as install programs, control SMS messages, steal the login credentials and access contacts, visit webpages, encrypt files, manipulate the banking data, reboot device, eliminate security software, rename the files and also act as the ransomware. It searches browsers of Google Chrome and Android for the stored sensitive data. Technical details reveal that the Tordow 2.0, in addition, collects data about the device software and hardware, manufacturer, operating system, ISP and location of the user.

Trojan's source contains a special code which enables trojan to gain the root privileges. Tordow 2.0 further includes 9 different ways to verify that the root privileges were acquired. At this point, the trojan beeps its C&C server, sends basic information of the device and waits for the new commands.

One of the components of Tordow can encrypt files with AES encryption algorithm using a hardcoded encryption key of MIIxxxxCgAwIB allowing security researchers to decrypt files.

Tordow spreads through common gaming applications and social media, which were downloaded, reverse-engineered as well as damaged by the malicious coders. Applications which are exploited include Pokemon Go, VKontakte (the Russian Facebook), Subway Surfers and Telegram. Hijacked apps normally behave just like original ones, although it also include implanted as well as encrypted malicious functionality comprising C2 communications, exploit pack for the root access as well as access to Trojan modules which are downloadable.

Users should always keep their security software updated for extra protection against 2.0 and similar threats and always be suspicious about unsolicited attachments and links.

ยป SPAMfighter News - 12/21/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next