Tordow Banking Trojan – A Grave Threat for Android Users

December 16th, 2016 Waqas Android, Malware, Security 0 comments

Just a couple of weeks ago we reported on the “Gooligan” attack affecting millions of Android devices worldwide. Now, Comodo Threat Research Labs has identified new malware, Tordow v2.0, which it describes as the first mobile banking Trojan built specifically for Android devices; it is currently affecting users in Russia.

It poses a serious threat to Android users because it tries to obtain root privileges after infecting a device, unlike other banking Trojans, which do not need root to carry out their malicious tasks. The malware seeks root because the attackers want full control of the device so they can perform a wide variety of operations.

Read: Low-cost Android Smartphones Shipped with Malicious Firmware

According to Comodo Labs’ research team, this malware can perform the following functions on an infected device:

  • Making phone calls
  • Monitoring SMS messages
  • Downloading additional software
  • Installing programs
  • Stealing login credentials
  • Accessing the contacts list
  • Encrypting files stored on the device
  • Opening and visiting web pages
  • Handling banking data
  • Deleting security software
  • Rebooting the device
  • Renaming files
  • Asking for ransom by serving as ransomware
  • Collecting information about the software and hardware, operating system, model, internet service provider, manufacturer and location of the device

Tordow 2.0 can search Google Chrome and the stock Android browser for sensitive information. The malware is distributed through apps available on third-party app stores: versions of Pokemon Go, Subway Surfer and Telegram found on such stores have all been infected with it. Users who refrain from downloading apps from third-party sources can prevent the infection, which is why security researchers always stress downloading apps only from authentic and reliable sources.

Read: Over 300k Android Devices Infected with Banking Trojan

The infected apps are delivered as APK files: the attackers reverse engineer legitimate apps, inject the Tordow 2.0 malware, and re-upload the trojanized versions to third-party stores. It is also possible that the attackers distribute the infected apps through social media platforms, so always beware of such apps.

“Don’t download apps from a third-party store.”

Once installed, the Trojan tries to obtain root privileges. When it succeeds, it contacts its command-and-control server and receives additional instructions from there. The attackers’ prime objective is to use stolen banking information to make money easily, so users’ financial information is at serious risk from Tordow 2.0. Because the malware holds root privileges, it is difficult to delete; removing the app that introduced it in the first place will not help either.

The Trojan contains a CryptoUtil class whose functions encrypt and decrypt data with the AES algorithm. A hardcoded key, ‘MIIxxxxCgAwIB’, is used for the encryption, and the Android application package (APK) file “cryptocomponent.2” is also encrypted with the same algorithm.

Read: Fake Google Chrome Update Leads to Android Malware Stealing Personal Data

The malware is affecting users in Russia at the moment, but successful campaigns of this kind usually spread to other regions in no time, so the threat is relevant to all Android users. To keep your device from getting infected, keep your security software up to date and be cautious when downloading apps or opening unsolicited attachments or URLs.
