PESHAWAR: Researchers associated with Kaspersky, a global cybersecurity and digital privacy company, have analyzed three new dangerous Android malware variants.
The Tambir, Dwphon, and Gigabud malicious programs exhibit diverse features, ranging from downloading other programs and credential theft to bypassing two-factor authentication and screen recording, jeopardizing user privacy and security, warns Kaspersky in a press statement issued here on Wednesday.
Kaspersky researchers shared that in 2023, Tambir is a spyware application disguised as an IPTV app. It collects sensitive user information, such as SMS messages and keystrokes, after obtaining the appropriate permissions.
Gigabud, active since mid-2022, was initially focused on stealing banking credentials from users in Southeast Asia, but later crossed borders into other countries and regions.
It has since evolved into a fake loan malware and is capable of screen recording and mimicking tapping by users to bypass two-factor authentication. Dwphon, discovered in November 2023, targets cellphones from Chinese OEM manufacturers, primarily targeting the Russian market.
The same malware earlier had been found in the firmware of a kids’ smart watch by an Israeli manufacturer distributed mainly in Europe and the Middle East. Dwphon is capable of downloading, installing and deleting other applications on the device.
“Users should exercise caution and should avoid downloading apps from unofficial sources, meticulously reviewing app permissions,”.
Frequently, these apps lack exploitation functionality and depend solely on permissions granted by the user. Furthermore, using anti-malware tools can help preserve the integrity of your Android device,” comments Hafeez Rahman, Technical group manager at Kaspersky.
It merits mention here that Kaspersky solutions blocked nearly 33.8 million attacks on mobile devices from malware, adware, and riskware, highlighting a 50% global increase of such attacks from the previous year’s figures.
Last year Kaspersky detected more than 1.3 million unique malicious installation packages targeting the Android platform and distributed in various ways. Among these were Tambir, Dwphon and Gigabud malicious programs with the diverse features. Mobile users were advised that to protect their Android device, it’s safer to download your apps only from official stores like Google Play.