New Android Malware Uses Tor Privacy Network
A new strain of Android malware uses the Tor privacy network to avoid detection while it snoops on your text messages, according to a report by Moscow-based security firm Kaspersky Lab.
Dubbed Backdoor.AndroidOS.Torec.a, the Trojan connects to what's called a command-and-control server, through which, as the name implies, the Trojan's creators can send commands to infected phones.
Once on your phone, the Trojan can collect and export a phone's vital information: telephone number, country, unique device ID, phone model, operating system and the names of all installed apps.
The malware can also prevent the user from sending and receiving SMS text messages, and can let the criminals send text messages to any number they specify through the command server.
This is especially serious if you have any kind of two-step verification enabled that sends unique verification codes to your mobile phone, because the criminals could intercept the codes and, if they know your primary password, could then access your online accounts.
The malware's code is largely based on a Tor client for Android called Orbot, Kaspersky security expert Roman Unuchek wrote on Securelist, the company's blog for security professionals. Unuchek didn't specify how the Trojan got onto infected phones, but noted that it didn't pose as Orbot in an attempt to get people to install it.
Tor, short for "The Onion Router," is an Internet networking protocol that anonymizes Web traffic by bouncing it around thousands of volunteer Tor network servers, or relays. Users with a Tor client can anonymously browse the Internet without their Web traffic being traced back to them.
Often, security researchers take down such cybercriminal operations by tracing the malware used back to command-and-control servers. Malware that uses Tor makes that much more difficult.
Similar Tor-based malware attacks have been seen on Windows computers for some time now. But Kaspersky says this is the first Android-based malware that uses Tor.
Websites hosted on the Tor network (most famously the now-defunct Silk Road black market) are difficult to trace back to a physical location because the network masks their IP addresses. Unuchek described the site behind this particular Android Trojan as "impossible to shut down."
The good news is that maintaining a Tor connection, while difficult to trace, is also very taxing on the device's battery. If your phone seems to be running out of juice much faster than usual, you should run an anti-malware scan.