
TimpDoor Android Malware Silently Infiltrates Networks in Coordinated Attacks

A new attack campaign has been found to carry the newly discovered TimpDoor Android malware. It is distributed using phishing e-mails, and one of its main objectives is to infiltrate internal networks. Because it exhibits non-standard behavior, any infections should be removed as soon as possible.




TimpDoor Android Malware Infects Devices in a Large-Scale Attack Campaign

Android devices are facing another major threat as security experts raised alerts about a new malware called TimpDoor. Infections are spread by sending phishing e-mails (https://sensorstechforum.com/detect-remove-fake-phishing-pages/) to the targeted recipients. The body of these messages poses as a notification from well-known companies, vendors or portals, advertising a fake voice message app. If installed, the app starts a SOCKS proxy server which will redirect all network traffic from a third-party server. This connection is encrypted and constantly maintained.

The first infections carrying this threat were detected in March; several months later, in August, another worldwide campaign was detected. According to reports, 5,000 devices were ultimately affected by it in the United States alone.


The proxy server set up by the TimpDoor Android malware also starts a comprehensive data collection procedure. It scans the local device for information such as the device's brand, model, Android version, mobile carrier, connection type and IP address. When the secure connection to the hacker-controlled server is established, this collected data is reported.

During the analysis of the contaminated samples, the experts discovered that the infections additionally carried other APK installation files. In the observed infections these contained the proxy software; however, this can easily be changed to deliver other malicious payloads as well. Essentially, the TimpDoor Android malware seeks to create proxy connections which would allow the hackers to intrude into the local networks that house the devices. This is done stealthily, which indicates that the criminals will probably use this capability at some point. If all attacks are carried out by a single hacking collective, this would mean that they will have secure connections to a large number of internal networks around the world. Some of the possible consequences are the following:

  • Surveillance — The hackers will have the ability to spy on the infected devices in real time.
  • Additional Payload Delivery — The active infections will be used to install other virus threats.
  • Device Manipulation — The underlying software can modify important parameters of the infected devices.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and mechanisms of intrusion.
