A new malware known as TimpDoor has been identified by cyber experts. This malware is considered a medium-severity threat.

Malware overview:
Cyber experts have recently found an active phishing campaign that uses text messages (SMS) to trick users into downloading and installing a fake voice-message app, which allows cybercriminals to use infected devices as network proxies without the users’ knowledge. If the fake application is installed, a background service starts a SOCKS proxy that redirects all network traffic from a third-party server via an encrypted connection through a Secure Shell (SSH) tunnel, allowing potential access to internal networks and bypassing network security mechanisms such as firewalls and network monitors. McAfee Mobile Security detects this malware as Android/TimpDoor. Because the malicious traffic and payload are encrypted, devices running TimpDoor could serve as mobile backdoors for stealthy access to corporate and home networks. Worse, a network of compromised devices could also be used for more profitable purposes such as sending spam and phishing emails, performing ad click fraud, or launching distributed denial-of-service attacks.

A SOCKS server is a general-purpose proxy server that establishes a TCP connection to another server on behalf of a client, then routes all the traffic back and forth between the client and the server. It works for any kind of network protocol on any port. SOCKS Version 5 adds support for security and UDP.
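
To make the SOCKS description concrete, the following added example (not from the original advisory or from McAfee) parses the SOCKS5 client greeting and request laid out in RFC 1928, showing how the client names an arbitrary destination host and port and where version 5 carries its authentication methods and UDP command. The sample messages, the host name `intranet.example` and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Field values from RFC 1928 (SOCKS Protocol Version 5).
AUTH_METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}

# Constructed sample messages (not captured traffic).
HOST = b"intranet.example"
GREETING = bytes([0x05, 0x02, 0x00, 0x02])
CONNECT_REQ = b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + struct.pack("!H", 445)
UDP_REQ = b"\x05\x03\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 53)


def parse_greeting(data: bytes) -> list:
    """Client greeting: VER | NMETHODS | METHODS (the v5 'security' addition)."""
    if len(data) < 2 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    methods = data[2:2 + data[1]]
    if len(methods) != data[1]:
        raise ValueError("truncated greeting")
    return [AUTH_METHODS.get(m, f"0x{m:02x}") for m in methods]


def parse_request(data: bytes) -> dict:
    """Client request: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT."""
    if len(data) < 4 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp, body = data[1], data[3], data[4:]
    if cmd not in COMMANDS:
        raise ValueError("unknown command")
    if atyp == 0x01:                      # IPv4 address, 4 bytes
        alen, decode = 4, lambda b: str(ipaddress.IPv4Address(b))
    elif atyp == 0x04:                    # IPv6 address, 16 bytes
        alen, decode = 16, lambda b: str(ipaddress.IPv6Address(b))
    elif atyp == 0x03 and body:           # domain name, length-prefixed
        alen, body = body[0], body[1:]
        decode = lambda b: b.decode("ascii", errors="replace")
    else:
        raise ValueError("unknown address type or truncated request")
    if len(body) < alen + 2:              # address plus 2-byte port
        raise ValueError("truncated request")
    (port,) = struct.unpack("!H", body[alen:alen + 2])
    return {"command": COMMANDS[cmd], "host": decode(body[:alen]), "port": port}


if __name__ == "__main__":
    print(parse_greeting(GREETING))
    print(parse_request(CONNECT_REQ))
    print(parse_request(UDP_REQ))
```

In the campaign described above the proxy traffic travels inside the encrypted tunnel, so these fields would be visible on the device or at the tunnel endpoint rather than to a network monitor on the path.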

Targeted countries:
United States

Targeted sectors:

Android/TimpDoor Turns Mobile Devices Into Hidden Proxies
