PRESS RELEASE
Woburn, Massachusetts – March 20, 2024 – Today, Kaspersky researchers shared the discovery of three new dangerous Android malware variants. Tambir, Dwphon, and Gigabud malicious programs have diverse functionality, ranging from downloading other programs and stealing credentials to bypassing two-factor authentication (2FA) and screen recording, jeopardizing your privacy and security. ‘user.
Tambir is a spyware application targeted at Turkish users. Disguised as an IPTV app, Tambir collects sensitive user information, such as SMS messages and keystrokes, after obtaining appropriate permissions. The malware supports over 30 commands retrieved from its Command and Control (C2) server and has been compared to the GodFather malware, which is among the top 3 mobile malware in the regiondue to its similarities in target location and use of Telegram for C2 communication.
Dwphon, discovered in November 2023, targets mobile phones from Chinese OEM manufacturers, mainly targeting the Russian market. The malware is distributed as a component of a system update application and collects device information as well as personal data. It also collects information regarding installed third-party applications and is capable of downloading, installing and deleting other applications on your device. One of the analyzed samples also included the Triada Trojan, one of the most Widespread mobile trojans of 2023which suggests that the Dwphon modules are related to Triada.
Gigabud, active since mid-2022, initially focused on stealing users’ banking credentials in Southeast Asia, but later crossed borders into other countries, including Peru. It has since evolved into a fake loan malware and is capable of recording screen and imitating users’ touch to bypass 2FA. The malware contains Chinese language artifacts and has been observed mimicking apps from companies in Thailand and Peru.
“As Kaspersky’s mobile threat report shows, Android malware and riskware activity increased in 2023 after two years of relative calm, returning to levels seen in 2021 by the end of the year,” Jornt van der Wiel, researcher Senior Security Officer at Kaspersky’s GReAT. “Users should exercise caution and avoid downloading apps from unofficial sources by meticulously reviewing app permissions. These apps often lack exploitative features and rely solely on user-granted permissions. Additionally, using anti-malware tools can help preserve the integrity of your Android device.”
In 2023, Kaspersky solutions blocked nearly 33.8 million attacks on mobile devices by malware, adware and riskware, a 50% increase in such attacks compared to the previous year’s figures.
Read the full report on the new Android malware on Securelist.com.
To protect your Android device, follow these tips:
· It is safer to download your apps only from official stores like Google Play. The apps on this market are not 100% safe, but at least they are checked by store representatives and there is a certain filtering system: not all apps are suitable for inclusion in these stores.
· Check the permissions of the apps you use and think carefully before granting them, especially when it comes to high-risk permissions such as those related to accessibility services.
· A reliable security solution helps you detect malicious apps and adware before they start behaving maliciously on your devices. Conveniently, you can get protection, for example Kaspersky Premiumdirectly from mobile operators.
· A good tip is to update your operating system and important apps as soon as updates become available. Many security issues can be resolved by installing updated versions of the software.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise continually translates into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers all over the world. The company’s comprehensive security portfolio includes industry-leading endpoint protection and specialized security solutions and services, as well as Cyber Immune solutions to combat sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 business customers protect what matters most to them. More information at www.kaspersky.com.