Sunday, November 10, 2024

Comodo Threat Research Labs Discovers Sophisticated New Malware “Tordow v2.0” That Can Easily Gain Root Privileges on Your Mobile Device


The Android malware “Tordow v2.0”, which specifically affects mobile banking users in Russia, has been discovered by threat researchers at Comodo TRL.

A spokesperson said Tordow is the first mobile banking Trojan for the Android operating system that seeks to gain root privileges on infected devices.

Root access is not needed to perform its malicious activities, but with root access attackers can do many more things on a mobile device.


How dangerous is Tordow v2.0:

Comodo researchers said, “Tordow 2.0 can make telephone calls, control SMS messages, download and install programs, steal login credentials, access contacts, encrypt files, visit webpages, manipulate banking data, remove security software, reboot a device, rename files, and act as ransomware.”

It can also collect technical details about the mobile device, including information about device hardware and software, operating system, manufacturer, Internet Service Provider, and user location.

Ransomware functionality:

According to the report from the Comodo lab, the crypto functionality is what drives the ransomware operation. Tordow 2.0 possesses CryptoUtil class functions with which it can encrypt and decrypt files using the AES algorithm with the following hardcoded key: ‘MIIxxxxCgAwIB’. Its Android application package (APK) files, with names such as “cryptocomponent.2”, are encrypted with the AES algorithm.

How Tordow 2.0 gains root privileges:

There are nine different ways in which it verifies that it has gained root privileges. Its status is transmitted to one of the attacker’s command-and-control (C2) servers, such as one found at “https://2ip.ru”. With root access, the attacker can pretty much do anything, and it becomes difficult to remove such entrenched malware from an infected system.

Common ways Tordow 2.0 spreads:

G. Ravi Krishna Varma, a malware researcher at Comodo TRL, said Tordow spreads via common social media and gaming applications that have been downloaded, reverse-engineered, and sabotaged by malicious coders.

Apps that have been exploited include VKontakte (the Russian Facebook), Pokemon Go, Telegram, and Subway Surfers.

Infected programs are usually distributed from third-party sites not affiliated with official websites such as the Google Play and Apple stores, although both have had trouble with hosting and distributing infected apps before.

Affected applications behave like the original ones but also include an exploit pack for root access, access to downloadable Trojan modules, and embedded and encrypted malicious functionality, including the C2 communications.

Majority of victims & prevention:

Most of the victims are in Russia. For protection against Tordow 2.0 and similar threats, Comodo asks Android users to keep their security software up-to-date, be suspicious of unsolicited links and attachments, and only download applications from official websites.
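The repackaging described above leaves a trace a defender can check: a trojanized copy keeps the app's package name but cannot be signed with the vendor's key, and it usually arrives from outside the official store. The sketch below is an added example, not Comodo's code; the inventory format, the fingerprints and the `fp` helper are constructed for illustration, and only the package and installer names are real.

```python
# Added example: flag repackaged or sideloaded copies of well-known apps.
# Fingerprints and inventory rows are constructed sample data, not real values.
import hashlib

OFFICIAL_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

def fp(label):
    """Stand-in for a signer-certificate SHA-256 (constructed placeholder)."""
    return hashlib.sha256(label.encode()).hexdigest()

# Signer fingerprints pinned per package; placeholders for the vendors' real certs.
PINNED_SIGNERS = {
    "org.telegram.messenger": {fp("telegram-release-cert")},
    "com.nianticlabs.pokemongo": {fp("niantic-release-cert")},
}

def parse_inventory(text):
    """Parse 'package|signer_sha256|installer' rows; skip blanks and comments."""
    apps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        package, signer, installer = (f.strip() for f in line.split("|"))
        apps.append((package, signer.lower(), installer))
    return apps

def audit(apps):
    """Return {package: [reasons]} for apps that deserve a closer look."""
    findings = {}
    for package, signer, installer in apps:
        reasons = []
        pinned = PINNED_SIGNERS.get(package)
        if pinned is not None and signer not in pinned:
            # Same package name, different signing key: a repackaged build.
            reasons.append("SIGNER_MISMATCH")
        if installer not in OFFICIAL_INSTALLERS:
            reasons.append("UNOFFICIAL_SOURCE")  # sideloaded or third-party store
        if reasons:
            findings[package] = reasons
    return findings

SAMPLE_INVENTORY = f"""
# constructed device inventory; an empty installer field means sideloaded
org.telegram.messenger|{fp("telegram-release-cert")}|com.android.vending
com.nianticlabs.pokemongo|{fp("unknown-repacker-cert")}|
com.example.notes|{fp("some-dev-cert")}|com.android.vending
"""

print(audit(parse_inventory(SAMPLE_INVENTORY)))
```

In practice the inventory rows would come from a device-management export, and the pinned fingerprints from the vendors' published release certificates.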

For more technical reference, visit the Comodo blog.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
