[Oct 25, 2018]
Cyber criminals are distributing new Android malware via a phishing email campaign that turns infected smartphones into hidden mobile proxies.
The campaign installs a fake voice-message app that turns the device into a network proxy without the user's knowledge.
The malware, named TimpDoor, acts as a backdoor that gives stealthy access to home and corporate networks, and the dropped payload is fully encrypted.
Once the malware is successfully installed, a background service starts a SOCKS proxy that redirects all network traffic from a third-party server via an encrypted connection using a Secure Shell (SSH) tunnel.
The malware also evades security features such as firewalls and monitoring tools to access the internal network.
TimpDoor activity has been identified since March; researchers found 26 malicious APK files in August, and the malware has affected at least 5,000 victims.
Soon after the service starts, the malware begins gathering system information such as device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP address.
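The proxy behaviour described above leaves a recognisable pattern in network flow logs: a phone holds a long-lived outbound SSH session while also opening connections to several internal hosts. The following detection sketch is an added example, not code from the researchers or from the malware; the flow-record format, subnets, port 22 and thresholds are all assumptions to adapt to your own network.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow records (not real telemetry): start_epoch,src,dst,dst_port,duration_s
SAMPLE_FLOWS = """\
1540450000,10.20.0.15,203.0.113.50,22,7200
1540450060,10.20.0.15,10.1.0.5,445,3
1540450070,10.20.0.15,10.1.0.6,3389,4
1540450080,10.20.0.15,10.1.0.7,80,2
1540450100,10.20.0.22,198.51.100.9,443,30
1540450200,10.20.0.22,10.1.0.5,443,12
1540450300,10.20.0.31,203.0.113.77,22,20
"""

MOBILE_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed Wi-Fi/BYOD segment
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
SSH_PORT = 22              # assumption: tunnel uses the default SSH port
MIN_TUNNEL_SECONDS = 600   # assumed threshold for a "long-lived" session
MIN_INTERNAL_PEERS = 3     # assumed fan-out threshold

def find_proxy_suspects(flow_csv):
    """Return mobile devices that reach internal hosts while an external SSH tunnel is up."""
    tunnels = defaultdict(list)   # device -> [(start, end, ssh_server)]
    internal = defaultdict(list)  # device -> [(start, internal_dst)]
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue
        start, port, dur = int(row[0]), int(row[3]), int(row[4])
        src, dst = ipaddress.ip_address(row[1]), ipaddress.ip_address(row[2])
        if src not in MOBILE_NET:
            continue
        if dst not in INTERNAL_NET and port == SSH_PORT and dur >= MIN_TUNNEL_SECONDS:
            tunnels[str(src)].append((start, start + dur, str(dst)))
        elif dst in INTERNAL_NET and dst not in MOBILE_NET:
            internal[str(src)].append((start, str(dst)))
    suspects = {}
    for dev, spans in tunnels.items():
        for t0, t1, server in spans:
            # Internal connections opened while the tunnel is alive are the proxy signal.
            peers = sorted({d for s, d in internal[dev] if t0 <= s <= t1})
            if len(peers) >= MIN_INTERNAL_PEERS:
                suspects[dev] = {"ssh_server": server, "internal_peers": peers}
    return suspects

if __name__ == "__main__":
    print(find_proxy_suspects(SAMPLE_FLOWS))
```
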
Cyber Security Tips:
- Disable the installation of apps from unknown sources in your phone’s settings.
- Only install apps from Google Play.
- Do not root your device.
- Update your device when prompted.
- Back up your personal data regularly.