Thursday, March 28, 2024

Comodo Threat Research Labs discovered new sophisticated malware “Tordow v2.0” easily gain your mobile root privilege

Android malware “Tordow v2.0” which specifically affected to mobile bank user in Russia has been discovered by Threat Researchers of comodo TRL.

spoke person said ,Tordow is the first mobile banking Trojan for the Android operating system that seeks to gain root privileges on infected devices.

Root access of mobiles no needed to perform its malicious activities, but with root access hackers can do many things in mobile devices.

How danger Tordow v2.0:

Comodo Researcher’s said ,”Tordow 2.0 can make telephone calls, control SMS messages, download and install programs, steal login credentials, access contacts, encrypt files, visit webpages, manipulate banking data, remove security software, reboot a device, rename files, and act as ransomware.”

It can able to collect the the technical things in mobile devices including the information about device hardware and software, operating system, manufacturer, Internet Service Provider, and user location.

Ransomware funtionality:

Accordinng to the Report from comodo lab Crypto functionality has uniquely play with Ransomware operation .Tordow 2.0 possesses CryptoUtil class functions with which it can encrypt and decrypt files using the AES algorithm with the following hardcoded key: ‘MIIxxxxCgAwIB’. Its Android application package (APK) files, with names such as “cryptocomponent.2”, are encrypted with the AES algorithm.

How Tordow 2.0 gain root privilege:

There are nine different ways in which it verifies that it has gained root privileges. Its status is transmitted to one of the attacker’s command-and-control (C2) servers, such as one found at “https://2ip.ru”. With root access, the attacker can pretty much do anything, and it becomes difficult to remove such entrenched malware from an infected system.

Common way to spread Tordow 2.0:

Malware Researcher of Comodo TRL G. Ravi Krishna Varma said,Tordow spreads via common social media and gaming applications that have been downloaded, reverse-engineered, and sabotaged by malicious coders.

Apps that have been exploited include VKontakte (the Russian Facebook), Pokemon Go, Telegram, and Subway Surfers.

Infected programs are usually distributed from third-party sites not affiliated with official websites such as the Google Play and Apple stores, although both have had trouble with hosting and distributing infected apps before.

Affected applications are act as original one  but also include an exploit pack for root access, and access to downloadable Trojan modules, embedded and encrypted malicious functionality including the C2 communications,

Majority of victims & prevention :

Most of the victims has been affected in Russia  ,Comodo Request to the android users For protection against Tordow 2.0 and similar threats, users should keep their security software up-to-date, be suspicious of unsolicited links and attachments, and only download applications from official websites.

For more Technical Reference visit comodo blog .

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles