Researchers have discovered a new Android malware named TimpDoor which turns mobile devices into hidden proxies
- New Android malware dubbed TimpDoor turns mobile devices into proxies.
- The malware was discovered by security researchers at McAfee.
- The malware is distributed through an active phishing campaign using text messages.
- It starts a Socks proxy which redirects all network traffic from a third-party server without the user's consent.
- The malware has already infected 5000 devices and has been actively targeting devices in the U.S.
Researchers have discovered a new Android malware named TimpDoor which turns mobile devices into hidden proxies. According to researchers from McAfee, the malware is distributed through a phishing campaign that uses text messages to trick users into downloading and installing a fake voice messaging app. After the app is installed, a background service starts a Socks proxy which redirects all network traffic from a third-party server without the user's consent. The traffic is redirected through an encrypted connection using a secure shell tunnel, which allows potential access to internal networks and bypasses network security mechanisms.

Devices infected with TimpDoor could serve as a backdoor, and the attackers could use a network of compromised devices to send spam and phishing emails, perform ad click fraud, or launch distributed denial-of-service attacks.

According to the analysis, the earliest variant was spotted in March and the latest variant at the end of August. The malware has already infected 5000 devices and has been actively targeting devices in the United States since the end of March.

Users in the U.S. have been reporting a text message saying they have two voice messages to review and asking them to click the URL to hear them. If the user clicks the URL, they are redirected to a fake web page pretending to be a popular classified advertisement website and are asked to install an application to hear the voice messages.

[Image. Source: McAfee]

The fake page also contains instructions for installing the app, and users are asked to enable installation from unknown sources if the installation fails. When the user clicks "download voice app", a VoiceApp.apk is downloaded from a remote server.

[Image. Source: McAfee]

After installation, once the user listens to the voice messages and closes the app, it hides its icon from the screen and starts a service in the background without the user's consent. Next, the malware gathers device information such as device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP address. Once this is collected, it starts a secure shell (SSH) connection to the control server and sends the device ID to get an assigned remote port. This port is then used for remote port forwarding.

“TimpDoor is the latest example of Android malware that turns devices into mobile backdoors—potentially allowing cybercriminals encrypted access to internal networks, which represents a great risk to companies and their systems. The versions found on the distribution server and the simple proxy functionality implemented in them shows that this threat is probably still under development. We expect it will evolve into new variants.”

TimpDoor is not the first Android malware to turn mobile devices into proxies. In April 2017, researchers discovered MilkyDoor, believed to be the successor of DressCode, which has the same capabilities.

Always follow these basic steps to protect your smartphone from infection:
- Always switch off “Allow installation from unknown sources” in security settings, which restricts downloading apps from third-party and anonymous sources.
- Don’t download attachments from unknown sources.
- Always use the Google Play Store to install apps; don’t use any third-party app stores.
- Download apps from verified developers and check their app rating and download counts before installing an app.
- Verify app permissions before installing an app.
- Install reputable, up-to-date antivirus/anti-malware software which can detect and block these types of malware.
- Always keep Play Protect on.
- Always keep your device OS and apps up to date.