Home CII/OT Kaspersky uncovers three new Android malware threats

Kaspersky uncovers three new Android malware threats

Kaspersky uncovers three new Android malware threats

In a recent press release from Woburn, MA, Kaspersky researchers have unveiled the presence of three new Android malware variants that pose a significant threat to user privacy and security. Named Tambir, Dwphon, and Gigabud, these malicious programs exhibit a range of features, including downloading other harmful programs, stealing credentials, bypassing two-factor authentication (2FA), and even screen recording.

Tambir, identified as spyware, specifically targets users in Turkey. Disguised as an IPTV app, Tambir gathers sensitive user information such as SMS messages and keystrokes after gaining the necessary permissions. The malware can execute over 30 commands received from its Command and Control (C2) server and has been likened to the GodFather malware in terms of target location and the use of Telegram for C2 communication.

Dwphon, which was discovered in November 2023, focuses primarily on cellphones from Chinese OEM manufacturers and aims at the Russian market. This malware is distributed as part of a system update application and collects device information along with personal data. Dwphon can also gather data on installed third-party applications and has the ability to download, install, and delete other applications on the infected device. Furthermore, some samples of Dwphon include the Triada trojan, one of the most widespread mobile trojans of 2023, indicating a connection between the two.

Gigabud, which has been active since mid-2022, initially targeted banking credentials of users in Southeast Asia but later expanded its reach to other countries like Peru. It has transformed into a fake loan malware and is capable of screen recording and mimicking user taps to bypass 2FA. Interestingly, the malware contains elements in the Chinese language and has been observed imitating apps from companies in Thailand and Peru.

Jornt van der Wiel, a senior security researcher at Kaspersky’s GReAT, highlighted the rise in Android malware and riskware activity in 2023 after a period of relative calm. He advised users to exercise caution, avoid downloading apps from unofficial sources, carefully review app permissions, and use anti-malware tools to secure their Android devices.

In 2023, nearly 33.8 million attacks on mobile devices were blocked by Kaspersky solutions, indicating a 50% increase in such attacks from the previous year. To protect Android devices, Kaspersky recommends downloading apps only from official stores like Google Play, checking app permissions before granting them, using security solutions to detect malicious apps, updating the operating system and important apps regularly.

Kaspersky, a global cybersecurity and digital privacy company founded in 1997, offers innovative security solutions and services to safeguard businesses, critical infrastructure, governments, and consumers worldwide. With over 400 million users protected by Kaspersky technologies and over 220,000 corporate clients, the company continues to evolve its threat intelligence and security expertise to combat digital threats effectively.

For more information on the new Android malware report, visit Securelist.com. To learn more about Kaspersky and its comprehensive security portfolio, visit www.kaspersky.com.

Source link


Please enter your comment!
Please enter your name here