Android Mobile Malware Uses Anonymous Tor Network to Hide Its Tracks

Security researchers from Kaspersky Labs have spotted a new piece of malware targeting mobile devices running on the Android operating system that has the ability to cloak its origins, making it "impossible to shut down".

The malware, which Kaspersky calls "Backdoor.AndroidOS.Torec.a," has the ability to intercept SMS text messages sent on a smartphone and collect other data from the handset including the user's mobile number, the device's unique IMEI serial number and request GPS coordinates to identify where the device is currently located.

Hackers are beginning to target smartphones and tablets over PCs, as these powerful devices increasingly contain a wealth of personal data. Kaspersky Labs says it has so far collected 143,211 samples of mobile malware, and that Android is the target 98% of the time.

Tor anonymity network

According to Kaspersky Lab expert Roman Unuchek, the malware makes use of software called Orbot, which was designed to bring the capabilities of the infamous Tor network to Android, allowing the malware to connect to cybercriminals' remote servers without being detected.

Tor (The Onion Router) is an internet browser which can connect to websites on a part of the internet known as the Dark Web. By routing the connection between the user and the website through thousands of different servers across the globe, tracking data sent through Tor is almost impossible. Dark Web websites cannot be found through search engines like Google and Bing.

While it has valid uses - such as for anonymous sources to communicate with journalists - Tor has become notorious for spreading child abuse images and for allowing people to buy and sell illegal substances anonymously, using websites like the Silk Road online drugs marketplace and its competitors BlackMarket Reloaded and Utopia, which have all been shut down.

Kaspersky says that 40% of the mobile malware attacks are currently targeted at people living in Russia, however it is likely that the 'Backdoor.AndroidOS.Torec.a' trojan will soon widen its reach.

Easier way to make money

'Backdoor.AndroidOS.Torec.a' also includes the ability to send an SMS text message to a specified number, which could be used to text premium numbers charged at £1 a message.

AVG Technologies' CTO Yuval Ben-Itzhak told IBTimes UK in an interview recently: "The smartphone is ten times easier [to make money from], as the smartphone is attached to your credit card details."

"In the time before smartphones, as a hacker if I stole your credit card details, I'd still need to go online and sell it or use it in a transaction. [Now, once] my malware is on your mobile number, I could start to send you premium SMS text messages and charge you a £1-a-message, and mostly, [consumers] aren't going to notice it on their monthly bills as it's such a small amount and doesn't change your total bill by much."

Banking trojans on the rise

"Given cybercriminals' keen interest in consumer bank accounts, the activity of mobile banking trojans is expected to grow in other countries in 2014," said Kaspersky virus analyst Victor Chebyshev.

"We already know of Perkel, an Android Trojan that attacks clients of several European banks, as well as the Korean malicious program Wroba."

The Wroba banking trojan has the ability to grab login details and passwords by deleting banking apps on mobile devices and replacing the apps with fake alternatives that trick users into thinking that they are still using their bank's secured app.