Call Us : +91-771045-0011 | +91-771045-0022

Beware Android Users, Now Tordow Malware Can Encrypt Your Files Too


Category : Malwares

The Tordow Malware is an old malware which was first detected by security researchers of Kaspersky Lab in September of this year. At its initial stage, this malware came as a Banking Malware which was performing some advanced actions to help the attackers for gaining root access of device. Moreover, the malware was installing some remote code packets in the compromised devices, which had been written by the hackers to take full control of a device. According to a recent report of security firm COMODO now, this malware also has capabilities to perform as a ransomware. The malware has been updated by its authors into its latest version Tordow v2.0 by adding more advanced features.

About Previous Version of Tordow Malware

The initial version of Tordow malware was capable of performing following actions and thousands of Android users were targeted by the hackers initially:

  • Stealing, Sending and Deleting SMS from Victim’s Device
  • Incoming and Outgoing Voice Calls Recording
  • Blocking Voice Calls
  • Stealing Contact Information
  • Fetching Balance Information
  • Remote Application Installations
  • Stealing Personal Data of Victim

About Tordow v2.0

The security researchers of US-based security firm COMODO detected that Tordow 2.0 contains all the previous features and now it has some new features which are allowing this malware to behave like a ransomware.

  • Stealing Login Credentials of Applications
  • Manipulating Financial Applications
  • Spying on Web Pages
  • Disabling Security features
  • Disabling Security Software
  • Encrypting/Decrypting various type of files
  • Stealing Sensitive Information Stored in Browsers (Google Chrome)
  • Collecting Hardware/ Software Information of Compromised Device
  • Collecting Operating System Information
  • Collecting Information regarding ISP, Manufacturer, and Location of Victim.

Tordow 2.0 is using AES algorithm to encrypting/decrypting files of compromised Android devices. This Trojan is using ‘MIIxxxxCgAwIB” hard-coded key to encrypt files. According to COMODO, some advanced s has been added by the authors into its source code to check whether Trojan has gained the root access or not. There are nine ways to check this.

How Hackers Are Controlling This Malware?

The hackers are controlling this malware through command and control servers. Hackers are getting all the stolen information through these servers and commanding the malware from backend to perform a particular action by sending remote codes.

Some Applications, Which are Spreading This Malware

I strongly recommend you to install all the applications from the official app store for Android. All the third party app stores are the home of malware. Hackers are spreading this malware through following applications which are available on third party app stores:

  • Pokemon Go
  • Subway Surfers
  • VKontakte
  • Telegram
  • Various Adult Applications

Any application which is available on the third party app store will work as a legitimate application. But in actual, the app is a backdoor which has been created by hackers to get entry into your device. Hackers will exploit the vulnerabilities of your device through this backdoor by using encrypted malicious codes.

How to Protect Android Devices From This Malware?

  • Always install applications from official “Google Play Store”. Never ever install any application from the third party app store.
  • Keep your device up-to-date. When an update is available, install it asap.
  • Don’t enable “Install applications from Untrusted Sources” feature. You can disable it from settings.
  • Keep yourself up-to-date with latest cyber security threats by reading our articles.

Similar Articles:

Android Trojan Alert! This Trojan is Stealing Your Money and Personal Details!

Contact Us


Request more information

suggested for you

Proudly Operated from India

© 2016 Copyrights. All Rights Reserved

Bootstrap Example

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.

Sign Up Log In