A new piece of Android malware, dubbed Tordow 2.0, targets people’s bank accounts. The platform that it appears on? Android. Here’s how to protect yourself.
Tordow was first discovered in September 2016, and security firm Comodo reports that the malware got a big update this month, making it scarier than ever. Tordow is a mobile banking Trojan that specifically targets Android devices. Comodo first found the malware affecting people in Russia.
The first version of the malware didn’t need root access to command your phone, but Tordow 2.0 does include root privileges.
Rooting is a process by which Android users gain privileged control, or root access, over their device. It gives you complete control over your device and lets you customize it in various ways. Rooting is similar to iOS jailbreaking, as it lets users alter/replace system settings, apps, and more.
Tordow 2.0 Functions
- Make phone calls
- Control SMS messages
- Download/install apps
- Steal login credentials
- Access contacts
- Encrypt files
- Visit web pages
- Manipulate banking data
- Remove security software
- Reboot your device
- Rename files
- Act as ransomware
As you can see, the update to the original Tordow gives the malware a lot of control over your Android device. Additionally, it collects data about your device’s hardware and software, OS version, manufacturer, ISP and your location.
Tordow 2.0 has CryptoUtil class functions. These let it encrypt/decrypt files using the AES algorithm with a hard-coded key: MIIxxxxCgAwlB. The malware has nine ways to verify that it has root access. It transmits its status to a command-and-control (C&C) server that the attacker controls.
Hacked apps behave just like the originals, except they contain encrypted code that includes C&C communications, the exploit pack for root access and access to Trojan modules it can download.
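Because a hacked app is the original plus extra encrypted code, comparing a suspect APK against a known-good copy is a quick triage step. The following is an added example, not code from the article or from Comodo; the file names, package name and both in-memory "APKs" are constructed sample data, and the 7.0 bits-per-byte entropy threshold is an assumption.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())

def diff_apks(original: bytes, suspect: bytes, threshold: float = 7.0) -> dict:
    """Compare two APKs (zip archives) entry by entry.

    Reports entries added to the suspect, entries whose contents changed,
    and added entries that look encrypted (entropy >= threshold, an assumed cutoff).
    """
    with zipfile.ZipFile(io.BytesIO(original)) as zo, \
         zipfile.ZipFile(io.BytesIO(suspect)) as zs:
        known = {i.filename: i.CRC for i in zo.infolist()}
        added, changed, high = [], [], []
        for info in zs.infolist():
            if info.filename not in known:
                added.append(info.filename)
                if shannon_entropy(zs.read(info.filename)) >= threshold:
                    high.append(info.filename)
            elif known[info.filename] != info.CRC:
                changed.append(info.filename)
    return {"added": sorted(added), "changed": sorted(changed),
            "high_entropy_added": sorted(high)}

def build_apk(files: dict) -> bytes:
    """Build an in-memory zip standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real app contents. PAYLOAD is 4096 pseudo-random
# bytes standing in for an encrypted blob.
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
BASE = {"AndroidManifest.xml": b"<manifest package='com.example.game'/>",
        "classes.dex": b"dex\n035\x00" + b"\x00" * 512,
        "assets/strings.txt": b"hello world\n" * 50}
GENUINE = build_apk(BASE)
REPACKED = build_apk({**BASE,
                      "classes.dex": b"dex\n035\x00" + b"\x01" * 512,  # altered code
                      "assets/data.bin": PAYLOAD,
                      "assets/readme.txt": b"plain text added file\n" * 10})
```

High entropy also matches compressed media, so treat a hit as a reason to look closer rather than as proof. A repackaged app also has to be re-signed, so comparing signing certificates (for example with `apksigner verify --print-certs`) is the stronger check.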
“Although the majority of victims have been in Russia, successful hacker techniques usually migrate to other parts of the globe.”
How To Avoid
The main method of transmission is through infected apps hosted on third-party websites. If you only download apps from first-party Google Play, you should be fine. Avoid the tempting download links for Pokemon Go with built-in cheats or mods.
It’s also a good idea to use antivirus software on your Android device. Big names like AVG, Kaspersky and Avast are all available on Google Play.