Home > Cyber News > TimpDoor Android Malware Silently Infiltrates Networks in Coordinated Attacks

TimpDoor Android Malware Silently Infiltrates Networks in Coordinated Attacks

A new attack campaign has been found to carry the newly discovered TimpDoor Android malware. It is distributed using phishing email messages and one of its main goals is to infiltrate the internal networks. Due to the fact that it features non-standard behavior any infections should be removed as soon as possible.

TimpDoor Android Malware Infects Devices in a Large-Scale Attack Campaign

Android devices are facing another major threat as security experts raised alerts of a new malware called TimpDoor. The infections are done by sending out [wplinkpreview url=”https://sensorstechforum.com/detect-remove-fake-phishing-pages/”]phishing emails to the target recipients. The body contents of these messages pose as notifications from well-known companies, vendors or portals advertising a fake voice message app. If installed it will start a SOCKS proxy server which will redirect all network traffic from a third-party server. This connection is encrypted and constantly maintained.

The first infections carrying this threat were detected in March, several months later in August another worldwide campaign was detected. According to the reports at least 5,000 devices were affected by it in the United States alone.

Related: [wplinkpreview url=”https://sensorstechforum.com/whatsapp-likely-vulnerable-video-call-hacks/”]WhatsApp Likely Vulnerable to Video Call Hacks

The proxy server instituted by the TimpDoor Android Malware also starts a comprehensive data collection procedure. It will scan the local device for information such as the device’s brand, model, Android version, mobile carrier, connection type and IP address. When the secure connection to the hacker-controlled server is established this collection of data will be reported.

During the analysis of the contaminated strains the experts discovered that the infections additionally carried other APK installation files. In the case of the made infections they contained the proxy software. However this can easily be tweaked into delivering other malicious payloads as well. Essentially the TimpDoor Android malware seeks to create proxy connections which would allow the hackers to intrude onto the local networks that house the devices. This is done in a stealth manner which shows that the criminals will probably use this possibility at a certain point in time. If all attacks are caused by a single hacking collective then this would mean that they will have secure connections to a lot of internal networks around the world. Some of the possible consequences are the following:

  • Surveillance — The hackers will have the ability to spy on the infected devices in real time.
  • Additional Payload Delivery — The active infections will be used to install other virus threats.
  • Device Manipulation — The underlying software can modify important parameters of the infected devices.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree