Android devices are under attack yet again. In a blog posting earlier this week, security firm Comodo revealed that a new version of the Tordow banking Trojan, Tordow 2.0, goes further than most Android malware by rooting devices. That opens them up to virtually any attack imaginable.
While the malware's primary function is to hijack and clean out online bank accounts, the fact that it roots the phone means it could do just about anything with the device. That includes making phone calls, sending text messages, installing apps, browsing the web, posting to social media and locking down your files for ransom.
The best defense is to avoid third-party app stores by making sure your Android device can't install apps from anywhere but the Google Play Store. Otherwise, you'll be completely on your own.
Tordow 2.0 focuses primarily on Russian-speaking Android users and Russian bank accounts at the moment, although that can change, so those in the Western hemisphere shouldn't rest easy. Users get infected by downloading apps from third-party Android app stores and by sideloading Android app packages, or APKs, transmitted through social media. Any Android app from a source other than the Google Play Store has the potential to be infected.
This is especially important because it's nearly impossible to remove Tordow once it gets root access to your phone or tablet, as Softpedia suggests. The only sure-fire fix is to flash new firmware, the Android equivalent of reinstalling the operating system. (A factory reset won't be enough.)
Comodo doesn't specify which versions of Android are vulnerable, but that may be a moot point as even the latest version, Android 7 Nougat, can be rooted. The Tordow malware contains an exploit pack that uses several different methods to root a device.
To protect yourself, don't use third-party app stores and don't sideload apps. Download your programs exclusively from the Google Play Store, even if someone tells you that you can get Super Mario Run early by sideloading it. Make sure you're safe by going into your Android device's Settings menu, selecting Security and then toggling Unknown Sources to "off."
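For anyone checking several devices from a workstation, the same two checks (Unknown Sources off, no apps from outside Google Play) can be scripted over adb. This is an added example, not something from Comodo or the original article; it assumes Android 5 to 7 with USB debugging enabled, and the package names in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example: triage a device for the two conditions the article warns about.
# On a live device the input would come from (assumes Android 5-7, USB debugging on):
#   adb shell pm list packages -3 -i
#   adb shell settings get secure install_non_market_apps

PLAY_STORE="com.android.vending"

# Read `pm list packages -3 -i` output on stdin and print every user-installed
# package whose recorded installer is not the Play Store, followed by that installer.
flag_sideloaded() {
  tr -d '\r' | awk -v play="$PLAY_STORE" '
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = "null"                      # no installer field means unknown origin
      for (i = 2; i <= NF; i++)
        if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
      if (inst != play) print pkg " " inst
    }'
}

# Map the raw setting value to a verdict: 0 = sideloading blocked, 1 = allowed.
unknown_sources_state() {
  case "$(printf '%s' "$1" | tr -d '[:space:]')" in
    0) echo "off" ;;
    1) echo "on" ;;
    *) echo "unknown" ;;
  esac
}

# Constructed sample output (package names are made up for illustration).
SAMPLE_PACKAGES='package:com.example.bank  installer=com.android.vending
package:com.example.game.early  installer=null
package:org.example.chat  installer=com.example.otherstore
package:com.example.maps  installer=com.android.vending'

echo "Unknown Sources: $(unknown_sources_state "1")"
echo "Not installed by Google Play:"
printf '%s\n' "$SAMPLE_PACKAGES" | flag_sideloaded
```

Treat the installer field as a triage signal only: apps pushed over adb also show `installer=null`, and a device that has already been rooted cannot be trusted to report accurately.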
Otherwise, you'll want to make sure your Android device is upgraded to the latest possible build of Android. Later builds may not be impregnable, but they're still safer than their earlier siblings. And, as always, we recommend installing and running Android antivirus software.