Kaspersky researchers have identified three dangerous new malware variants targeting Android devices: Tambir, Dwphon, and Gigabud. These malicious programs exhibit a range of functionalities, from stealing credentials to bypassing two-factor authentication, putting user privacy and security at risk.
This discovery comes amidst a surge in mobile malware attacks. Kaspersky solutions blocked nearly 33.8 million such attacks in 2023, a staggering 50% increase from the previous year. This rise follows a two-year period of relative calm, with activity returning to pre-pandemic levels by year-end. While the number of unique malware packages dropped, Kaspersky identified over 1.3 million targeting Android in 2023, suggesting a shift towards reusing existing packages for wider infection.
A Closer Look at the Threats
- Tambir: Disguised as an IPTV app, Tambir collects sensitive user data like SMS messages and keystrokes after gaining necessary permissions. It operates similarly to the GodFather malware and primarily targets users in Turkey, though other countries are also vulnerable.
- Gigabud: Initially focused on stealing banking credentials in Southeast Asia, Gigabud has evolved into a fake loan scam targeting a wider global audience. This malware can record user screens and mimic taps to bypass two-factor authentication.
- Dwphon: Discovered in November 2023, Dwphon targets smartphones from Chinese manufacturers, primarily in Russia. Previously found in a children’s smartwatch firmware, Dwphon masquerades as a system update app and collects device information, personal data, and details of installed apps. It can even download, install, and delete other applications. Additionally, some samples contained the Triada trojan, a prevalent mobile threat in 2023, suggesting a potential connection.
Protecting Your Device
“Kaspersky’s mobile threat report highlights a significant increase in Android malware activity,” says Jornt van der Wiel, senior security researcher at Kaspersky’s GRET. “Users should be cautious, avoid unofficial app stores, and meticulously review app permissions. Anti-malware tools can also significantly enhance your device’s security.”
Here are some key steps to safeguard your Android device:
- Download Apps Only from Official Stores: While not foolproof, official stores like Google Play vet apps through a filtering system, offering a layer of security.
- Be Mindful of App Permissions: Scrutinize app permissions before granting access, especially those related to sensitive functions like Accessibility Services. For instance, a flashlight app only needs access to the flashlight function, not the camera.
- Utilize Anti-Malware Tools: Employ a reliable security solution to detect malicious apps and adware before they compromise your device. Some mobile operators even offer security solutions like Kaspersky Premium.
- Maintain Updates: Regularly update your operating system and apps. These updates often address security vulnerabilities.
By following these recommendations and staying vigilant, you can significantly reduce your risk of falling victim to these and similar Android malware threats.
