Researchers have detected a new Android malware family, Trojan-Banker.AndroidOS.Tordow.a, spreading in the wild and targeting Android users. The Trojan infects smartphones, roots them, steals valuable information and sends it to the crooks' server.
The Trojan's (or Tordow's) first infections were noticed in February this year, and the majority of them occurred because users downloaded Android applications from illegitimate stores.
Anton Kivva, a malware analyst at Kaspersky Lab, explained that Tordow is mainly spread via clones of popular Android apps, including DrugVokrug, Pokemon Go, Subway Surf, VKontakte, Telegram, and Odnoklassniki.
The Trojan's authors compromise these apps by unpacking their code and adding their own malicious code inside. Then they repack them and upload the new malicious clone version to third-party app stores.
Once an unsuspecting user downloads and runs the app for the first time, they trigger the malicious code. Kivva adds that this code also plays the role of a downloader, fetching further malicious code onto the victims' phones. Some of this additional code contains an exploit that allows the crooks to gain root privileges on the device.
Once root access has been gained, the phone is under the attackers' complete control. According to Kivva, Tordow features the ability to make phone calls, steal contacts, and send, steal and delete SMS messages.
Furthermore, the Trojan is able to download and run additional files, block specific webpages, install and remove apps, change the names of the files and upload them to an online server, and reboot the Android device.
The researcher adds that, aside from all that, Tordow also goes after the databases of the Android stock browser and Chrome for Android. These databases store not only the user's browsing history but also their saved passwords. The Trojan also targets the victims' photo galleries.
Of course, this Android Trojan is neither the first one to feature rooting capabilities, nor the first one to go after users' browsing history and photos. For instance, the Marcher Android Trojan is able to steal logins from a multitude of Android applications, and the Android.Loki Trojan also roots devices.
Other Android Trojans with the ability to root the targeted device are Libskin, Matrix, Rootnik, Shuanet, Godless, and Ztorg.