Cybercriminals are distributing new Android malware via Phishing email campaign that turns infected smartphones into hidden mobile proxies. The proxies can be used to circumvent internal network security controls.
The McAfee Mobile Research team has identified the active phishing campaign that traps users by sending an SMS to influence them on downloading and installing an Android malware app TimpDoor. It is a fake voice-message app that allows attackers to infect the devices, without raising suspicion.
This Malware acts as a backdoor with stealthy access to the home and corporate network and the dropped payload is fully encrypted.
On Wednesday, cybersecurity firm McAfee said the campaign is spreading Android/TimpDoor, a malicious.APK which masquerades as a voice application.
Once TimpDoor is installed, a Socks proxy service is initiated in the background, which is responsible for redirecting the entire traffic on the network from a third-party server through an encrypted connection facilitated by a secure shell tunnel. This lets attackers get access to internal networks of the system after evading the implemented network security methods like network monitors and firewalls.
TimpDoor malware activities identified since March and researchers found the 26 malicious APK files in August and it affected at least 5000 victims.
TimpDoor circumvents the security procedures and protections offered by Google’s Play Store. The attackers behind the malware have not sought to host their malicious software in the app repository; instead, the malware spreads via text messages containing a malicious link to the fake app.
Some other probable outcomes of this fake app, identified by McAfee researchers in their report, include: “Worse, a network of compromised devices could also be used for more profitable purposes such as sending spam and phishing emails, performing ad click fraud, or launching distributed denial-of-service attacks,” wrote Carlos Castillo of McAfee in his blog post.