An Android banking malware, dubbed Tordow by Kaspersky researchers, has been detected harvesting banking credentials, stealing login details and rooting devices. Its creators designed it primarily as banking malware, giving the cyber-criminals who use it many profitable opportunities. Users are strongly advised to read this article and learn how to protect themselves from this Android OS banking malware.
| Field | Details |
|---|---|
| Short Description | Android banking malware/infostealer |
| Symptoms | Gives the cyber-criminals permission to perform malicious activities on your Android device; full control through its rooting capability. |
| Distribution Method | Copycat versions of famous apps, distributed via malicious web links. |
How Does Tordow Replicate?
The crooks who redistribute this trojan have thought out the replication of this malware infection very cleverly. One technique they use is to download an official application, such as Pokemon Go, Vkontakte or Telegram, strip down its code and add a malicious script to it. Then they re-upload the modified, malicious application to shady third-party websites.
Since such websites have no self-replicating distribution of their own, the crooks may also link to them and advertise the malicious links that lead to the download of such apps. This can happen in many ways, one of which is Facebook spam advertising the app, just as the My Secret Video Facebook malware does.
Once the app is installed on the device, the malware may connect to multiple third-party web links and download the full payload of the Tordow trojan.
Tordow Trojan – What Does It Do?
The malware is particularly clever in its actions. One of them is that it coordinates with the fake application, which acts as a downloader. After the application downloads the malicious files, which are encrypted for obfuscation, it decrypts them on the device and executes them.
After this has been done, the malicious application may also download updates that add new features to its existing ones. And the existing features are already so many that they give the attackers who infected you remote-control-like permissions:
- Full control of the SMS service.
- Full control of the phone’s calls.
- Balance checks of the phone.
- Obtaining the phone’s contacts.
- Changing the malicious server from which files are downloaded.
- Creating a lock screen on the device and showing a web page.
- Making lists that collect password and username information for different services.
- Rebooting or turning off the device.
Besides those many features, this malware is also capable of rooting the phone, meaning that the cyber-criminals gain access to further features, just as a root user would. Besides giving them full control over the phone's apps, software and hardware, this also allows them to steal all the information they wish and feed it into their automatically generated login databases.
Summary and Protection Tutorial for Tordow Banking Trojan
The Tordow banking trojan is a very dangerous threat, and the crooks who developed it are particularly clever. One reason is that they have successfully focused on Android devices at a time when mobile payment usage is more frequent than ever. All users who use mobile payment methods and have installed applications from suspicious locations should secure their phone by hard resetting it, which can easily be done by following the instructions after this article.