Tordow Banking Trojan Steals Credentials from Android Devices

An Android banking malware dubbed Tordow by Kaspersky researchers has been observed harvesting banking credentials of all kinds, stealing login details and rooting infected devices. Its creators designed it to function primarily as banking malware, which offers many profitable opportunities to the cyber-criminals who operate it. Users are strongly advised to read this article and learn how to protect themselves from this Android banking malware.

Threat Summary

Name: Trojan-Banker.AndroidOS.Tordow
Type: Trojan Horse
Short Description: Android Banking Malware/Infostealer
Symptoms: Gives the cyber-criminals permissions to perform malicious activities on your Android device; full control through its rooting capability.
Distribution Method: Copycat versions of well-known apps, distributed via malicious web links.

How Does Tordow Replicate

The crooks who redistribute this trojan have thought out the replication process very cleverly. One of their techniques is to take an official application, such as Pokemon Go, Vkontakte or Telegram, strip its code down and add a malicious script to it. They then upload the modified, malicious application to shady third-party websites.

Since such websites have no way of spreading on their own, the crooks also link to them and advertise the malicious links that lead to the download of these apps. This can happen in many ways, one of which is Facebook spam that advertises the app, just as the My Secret Video Facebook malware does.

After the app is installed on the device, the malware may connect to multiple third-party web links and download the full payload of the Tordow trojan.

Tordow Trojan – What Does It Do

The malware is particularly clever in its actions. One thing it does is coordinate with the fake application, which acts as a downloader. After the application downloads the malicious files, which are encrypted for obfuscation, it decrypts them on the device and executes them.

Once this is done, the malicious application may also download updates that add new features to its existing ones. The existing features are already so numerous that they give whoever has infected you remote-control-like permissions:

  • Full control of the SMS service.
  • Full control of the phone’s calls.
  • Balance checks of the phone.
  • Obtaining the phone’s contacts.
  • Changing the malicious server from which files are downloaded.
  • Creating a lock screen on the device and showing a web page.
  • Making lists that collect password and username information for different services.
  • Shutting down and turning off the device.

Besides those many features, this malware is also capable of rooting the phone, meaning that the cyber-criminals gain access to even more features, just as a root user would. Besides giving them full control over the phone's apps, software and hardware, this also lets them steal any information they wish and feed it into their automatically generated login databases.
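The capability list above (SMS control, call control, contacts, a lock screen shown over other apps, powering the device off) maps directly onto Android permissions that a repackaged app has to declare in its manifest. The following triage script is an added example, not code from the article or from Kaspersky: it parses a decoded AndroidManifest.xml (the text form you get after decoding an APK, for instance with apktool), groups the declared permissions by the capabilities the article describes, and flags the combination of SMS control plus an overlay permission as banking-trojan-like. The two manifests are constructed samples, the package names are invented, and the capability grouping and the "suspicious" threshold are my own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission strings, grouped by the capabilities the article lists.
# The grouping itself is an assumption made for this example, not a Kaspersky mapping.
CAPABILITY_PERMISSIONS = {
    "sms control": {
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_SMS",
    },
    "call control": {
        "android.permission.CALL_PHONE",
        "android.permission.READ_PHONE_STATE",
        "android.permission.PROCESS_OUTGOING_CALLS",
    },
    "contacts": {"android.permission.READ_CONTACTS"},
    # Drawing a lock screen / web page over other apps needs the overlay permission.
    "lock screen / overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    # REBOOT is a system-level permission; a third-party app can only use it on a rooted device.
    "power / reboot": {"android.permission.REBOOT"},
    "network download": {"android.permission.INTERNET"},
}

# Combination that, by assumption in this example, marks an app as banking-trojan-like.
SUSPICIOUS_COMBINATION = {"sms control", "lock screen / overlay"}

# Constructed sample: a repackaged app declaring the permissions the article's feature list implies.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.repackaged.messenger">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Messenger"/>
</manifest>
"""

# Constructed sample: a benign app that only needs network access.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>
"""


def parse_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return names


def triage(manifest_xml):
    """Group declared permissions by capability and decide whether the app looks suspicious."""
    root = ET.fromstring(manifest_xml)
    permissions = parse_permissions(manifest_xml)
    capabilities = {}
    for capability, needed in CAPABILITY_PERMISSIONS.items():
        matched = permissions & needed
        if matched:
            capabilities[capability] = sorted(matched)
    return {
        "package": root.get("package"),
        "permissions": sorted(permissions),
        "capabilities": capabilities,
        "suspicious": SUSPICIOUS_COMBINATION.issubset(capabilities),
    }


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = triage(manifest)
        verdict = "SUSPICIOUS" if report["suspicious"] else "ok"
        print(f"{report['package']}: {verdict}; capabilities={sorted(report['capabilities'])}")
```

Run it against a decoded manifest of any sideloaded app to see which of the article's capabilities it could exercise; the verdict is a triage hint, not proof of infection, since legitimate messaging apps also declare SMS permissions.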

Summary and Protection Tutorial for Tordow Banking Trojan

The Tordow banking trojan is a very dangerous threat, and the crooks who developed it are particularly clever. One reason is that they have successfully focused on Android devices at a time when mobile payments are more widely used than ever. All users who rely on mobile payment methods and have installed applications from suspicious sources should secure their phone by hard-resetting it, which is easy to do if you follow the instructions after this article.

1. Back up the data on your device
2. Hard-reset your device and remove Trojan-Banker.AndroidOS.Tordow
3. Restore missing or corrupt files using special file restoration software

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
