A scary piece of malware just got a lot more terrifying this week. Security firm Comodo reports that "Tordow," a banking Trojan first uncovered in September 2016, received a massive update this December.
The new "Tordow 2.0" variant stands out among other types of malware because it can gain root access on Android devices. This makes Tordow 2.0 especially vicious, as root access enables the malware to do the following:
- steal login credentials
- empty out online bank accounts
- make phone calls and control SMS texts
- act as ransomware
- visit websites
- reboot your phone
- encrypt and/or rename files
- access contacts
- scan web browsers like Chrome for sensitive information
Tordow 2.0, in short, is capable of doing almost anything it wants to do on your phone. As of now, the malware has been largely isolated to Russia, but cybersecurity experts are keeping close tabs on Tordow and its movements. Comodo explains:
"Although the majority of victims have been in Russia, successful hacker techniques usually migrate to other parts of the globe."
It is extremely difficult to remove Tordow 2.0 due to its ability to root. Once downloaded, the malware spreads to every nook and cranny of the host device's system and files. The only effective way to rid yourself of Tordow is to flash stock firmware onto your device. Simply doing a hard reset on the device won't work, because a reset wipes user data but does not restore the system partition.
As this malware's primary mode of transmission is through infected third-party apps, the best way to protect yourself from Tordow is to completely steer clear of applications that aren't hosted on the Google Play Store. If you see a link for a modded Pokémon GO that lets you magically jog around your block several times while you're sitting down, resist temptation and close it immediately!
If you're stubborn and insist on downloading non-official apps, there are sites like APKMirror that verify third-party apps before they publish them for downloading. Forums like the ones on XDA Developers are also good places to visit. Just make sure that you download from members with great reputations to minimize exposure.
Other ways to keep Tordow 2.0 off your phone include keeping your antivirus software up to date, being watchful of unsolicited links, and installing your carrier's OTA updates as they arrive.
We'll be keeping you updated with any new developments concerning Tordow 2.0, so stay posted.