A new attack campaign has been found to carry the newly discovered TimpDoor Android malware. It is distributed using phishing e-mails, and one of its main goals is to infiltrate internal networks. Because it exhibits non-standard behavior, any infections should be removed as soon as possible.
TimpDoor Android Malware Infects Devices in a Large-Scale Attack Campaign
Android devices are facing another major threat as security experts raised alerts about a new malware called TimpDoor. The infections are carried out by sending phishing e-mails (https://sensorstechforum.com/detect-remove-fake-phishing-pages/) to the target recipients. The body contents of these messages pose as notifications from well-known companies, vendors or portals advertising a fake voice message app. If installed, it will start a SOCKS proxy server which will redirect all network traffic from a third-party server. This connection is encrypted and constantly maintained.
The first infections carrying this threat were detected in March; several months later, in August, another worldwide campaign was detected. According to reports, 5,000 devices were ultimately affected by it in the United States alone.
The proxy server set up by the TimpDoor Android malware also starts a comprehensive data collection procedure. It will scan the local device for information such as the device's brand, model, Android version, mobile carrier, connection type and IP address. Once the secure connection to the hacker-controlled server is established, this collected data is reported.
During the analysis of the contaminated strains the experts discovered that the infections additionally carried other APK installation files. In the case of the observed infections they contained the proxy software. However, this can easily be tweaked into delivering other malicious payloads as well. Essentially the TimpDoor Android malware seeks to create proxy connections which would allow the hackers to intrude onto the local networks that house the devices. This is done in a stealthy manner, which shows that the criminals will probably use this possibility at a certain point in time. If all attacks are caused by a single hacking collective, this would mean that they have secure connections into a large number of internal networks around the world. Some of the possible consequences are the following:
- Surveillance — The hackers will have the ability to spy on the infected devices in real time.
- Additional Payload Delivery — The active infections will be used to install other virus threats.
- Device Manipulation — The underlying software can modify important parameters of the infected devices.