According to an article published by Signs of the Times, an Android banking Trojan discovered a few months ago has been updated with a few tweaks and now performs specialised attacks using root privileges on Android phones. The Trojan is known as Tordow, or Trojan-Banker.AndroidOS.Tordow.a in the professional world. Like many other malware distribution tactics, this one relies on Android applications distributed outside of Google Play. You’ll find the list of affected apps below:
Pokémon Go
Subway Surfer
Vkontakte
Telegram
Odnoklassniki
Drug Vokrug
According to the experts, the modified applications look and perform like the genuine ones; however, there is additional code at work. When the experts dissected an application, they found that the malicious code decrypts file(s) hidden inside the application as soon as it is launched, which is what makes it initially hard to detect. It then downloads the primary Trojan file, which in turn acts as a gateway to several other files. The additional downloads lead to exploits that can give the attacker tools for gaining root privileges on the target’s device, or install further malware (depending on the attacker’s intention). And it doesn’t stop there: every component installed by the attacker also opens the door to additional modules, which ultimately lets the attacker control the device for malevolent purposes.
Such a set of capabilities extends the Trojan well beyond what a banking Trojan usually does, and thus makes it a perfect tool for stealing money from users.
The malware can send messages to anyone from your phone; it can delete messages from your inbox or your archive, copy your messages to its server and record your live calls. It can alter the call logs and even reroute both incoming and outgoing calls, check the balance on your SIM card and transfer that balance to a number of the attacker’s choosing (where your carrier offers such a service).
Again, it doesn’t stop there. The malicious tool can execute commands on your device, control applications, or lock the device completely. It can even redirect you to an attacker-defined web page with instructions for sending money, something commonly found in ransomware. On top of all of the above, it can also create files, rename them, and reboot your device.
Unlike most banking Trojans on the market, this one belongs to the very few that use a common set of exploits to root the target’s device, which gives the attacker administrative and hidden capabilities: the Trojan can install module(s) in the root or system folder and alter or remove system files and scripts.
Moreover, the malicious code gives the attacker access to the compromised device’s default browser database, as well as Google Chrome’s database, which means that Tordow’s designers have all the users’ passwords, usernames, cookies, browsing history, and banking details sitting on their servers. Because rooting gives Tordow unprecedented access to the device, the attackers can steal not just the browser data, but also images, documents and system files containing account data used by the applications, including any credit or debit card details those applications store. This set of features makes Tordow one of the most dangerous pieces of Android malware out there.
Source: Sott
This article (The Banking Trojan that can take Anything it Wants from Your Phones and Tablets) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.