1(630)802-8605 Ravi.das@bn-inc.net

Well, after a week of not blogging, it feels good to be back at it again today.  Being out of the Cyber security news feeds for some time, I spent quite some time this morning on what to write about. So I decided on something that hits close to home:  Your Smartphone.

I didn’t realize how heavily dependent I have become on it until last week.  As I have said before, just imagine if you do lose your Smartphone:  You will feel totally desperate, mixed in with a sense of either paralysis or hopelessness. The latest Security threat to come out may even make you more scared.

There is a new malware out there that is geared specifically towards the Android device.  It has been called “TimpDoor”, and Cyber security researchers just discovered it.  What is unique about it is that it is sent as an SMS text message, and is launched as a Phishing campaign at targeted users.  But it is not simply a message with just text content in it; rather, it is a voice message.

Once the end user plays the voice message, the malware is then downloaded onto the Android device.  But the damage does not end there.  Once the malicious .EXE file has been installed, all of your confidential information and data (as well as all network traffic from your Android device) is then sent back to some remote server, making use of a very strong level of encryption.

At the current time, this is a Secure Shell (SSH) based wireless connection.  In order to make sure that it remains active, mechanisms such as alarms are used to alert the Cyber attacker in case of any unknown infiltration into the connection, or if it simply dies down for some reason or another.

As a result, the Cyber attacker can then, for the most part, bypass all known Security mechanisms.  In a way, your Android device can become a “Bot” which the Cyber attacker can use to launch even more malicious attack campaigns (such as Business Email Compromise, Spear Phishing, Distributed Denial of Service, etc.) against millions of other wireless devices all at once.

In addition to this, they can use your infected device to tap into your employer’s corporate network as well, and steal private information and data from there too.
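As an added example (not from the original post, and not a TimpDoor signature), one way a network defender could spot the behaviour described above, a phone on the corporate network holding a persistent outbound SSH session to an outside host, run over constructed flow records; the mobile subnet, approved SSH hosts and duration threshold are assumptions.

```python
# Added example (not from the original post): flag long-lived outbound SSH
# sessions from the mobile-device subnet in constructed NetFlow-style records.
# Subnet, threshold and log format are assumptions, not TimpDoor indicators.
from collections import defaultdict
from ipaddress import ip_address, ip_network

MOBILE_SUBNET = ip_network("10.50.0.0/16")   # assumed: where corporate Android devices land
CORP_SSH_HOSTS = {"10.1.2.3"}                # assumed: approved SSH servers, e.g. a jump host
MIN_DURATION_S = 600                         # assumed threshold: 10 minutes of continuous SSH

# Constructed sample flow records: src_ip,dst_ip,dst_port,duration_seconds,bytes_out
SAMPLE_FLOWS = """\
10.50.4.21,10.1.2.3,22,45,2048
10.50.4.21,203.0.113.7,22,7200,1843200
10.50.4.22,203.0.113.7,22,120,4096
10.50.9.8,198.51.100.9,443,30,512
10.0.7.5,203.0.113.7,22,9000,5000000
"""

def parse_flows(text):
    """Parse CSV flow records into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, dur, out = line.split(",")
        flows.append({"src": src, "dst": dst, "port": int(port),
                      "duration": int(dur), "bytes_out": int(out)})
    return flows

def suspicious_ssh_sessions(flows):
    """Return {src_ip: [dst_ip, ...]} for mobile-subnet hosts holding SSH sessions
    to non-approved destinations for longer than MIN_DURATION_S.  A phone keeping
    an SSH tunnel open to an outside host for hours is the pattern described above."""
    hits = defaultdict(list)
    for f in flows:
        if f["port"] != 22:
            continue
        if ip_address(f["src"]) not in MOBILE_SUBNET:
            continue                      # only phones/tablets are in scope here
        if f["dst"] in CORP_SSH_HOSTS:
            continue                      # approved jump host, not a finding
        if f["duration"] >= MIN_DURATION_S:
            hits[f["src"]].append(f["dst"])
    return dict(hits)

if __name__ == "__main__":
    for src, dsts in suspicious_ssh_sessions(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT: mobile host {src} held long SSH session(s) to {dsts}")
```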

So far, TimpDoor has been active since March of this year, and has infected well over 5,000 devices.  This malware also installs itself as a malicious application on your Android device.  But the end user who downloads every app under the sun probably won’t even notice this.  Some of the telltale signs include fake Recent, Saved, and Archive icons.

Even the stated duration of the recorded voice message does not correspond with the length of the audio files. The only thing that works in this app is the fake voice messages, which do sound authentic.  But it is important to note that data about your Android device itself is also transmitted over the encrypted wireless communications line, and this includes:

* The Device ID;

* The specific brand of Smartphone;

* The Android OS version;

* The mobile carrier;

* The type of network connections your device uses;

* All of your IP Addresses (both public and private) that are unique to your own device.

What is even scarier is that TimpDoor will even use geolocation services to track down your exact location 24 X 7 X 365 no matter where you are at.  Yikes, I say.

My thoughts on this?

Apparently the TimpDoor malware is not a new one; there have been other variants of it, which include the “MilkyDoor” malware and the “Dress Code” malware.  But it is TimpDoor that can actually turn your Android device into a Bot, in order to stage larger attacks simultaneously.

It is absolutely imperative not only that you guard your own device, but also that businesses and corporations which issue Android devices to their employees be even more on the alert.

The reason I say this is that since the Cyber attacker is already interested in network information/data and the types of wireless communications that are being used, your own Network Infrastructure will be at prime risk.  Although there have been no documented cases of this happening, it is highly expected that this will become the next target for the Cyber attacker.

Cyber security researchers also believe that the TimpDoor malware is still under development, and is currently being refined in order to make it even more covert and malicious.  After all, only 5,000 devices have been infected, and this number is still quite low when compared to the rest of the Android devices that have not yet been infected.

When I read the article, it first dawned on me . . . why would anybody on earth download a text based voice message that they are not even expecting? I mean, I would just delete the entire thing.  I always do that.  I never click on text messages that I am not expecting, or that, at least at first glance, seem suspicious.

But once again, in these instances, the Cyber attacker is probably using a hijacked contact book to make the recorded message appear as if it is coming from a legitimate source.

Just remember this cardinal rule and be safe:  DELETE ANY TEXT MESSAGES, VOICE BASED MESSAGES, AND EVEN EMAIL MESSAGES WHICH YOU ARE NOT EXPECTING.  IF IT LOOKS LEGITIMATE AND YOU ARE STILL NOT EXPECTING IT, ALWAYS CONTACT THE SENDER TO CONFIRM IF THEY HAVE INDEED SENT IT!!!