Kaspersky Identifies Three New Android Malware Threats

March 20, 2024


Woburn, MA – March 20, 2024 – Today Kaspersky researchers shared their discovery of three new dangerous Android malware variants. The Tambir, Dwphon, and Gigabud malicious programs exhibit diverse features, ranging from downloading other programs and credential theft to bypassing two-factor authentication (2FA) and screen recording, jeopardizing user privacy and security. 

Tambir is a spyware application targeting users in Turkey. Disguised as an IPTV app, Tambir collects sensitive user information, such as SMS messages and keystrokes, after obtaining the appropriate permissions. The malware supports over 30 commands retrieved from its Command and Control (C2) server. It has been compared to the GodFather malware, which is among the top 3 mobile malware programs in the region, because of similarities in target location and the use of Telegram for C2 communication.

Dwphon, discovered in November 2023, targets cellphones from Chinese OEM manufacturers, primarily targeting the Russian market. The malware is distributed as a component of a system update application and collects information about the device as well as personal data. It also gathers information regarding installed third-party applications and is capable of downloading, installing and deleting other applications on the device. One of the analyzed samples also included the Triada trojan, one of the most widespread mobile trojans of 2023, which suggests that Dwphon modules are Triada-related. 

Gigabud, active since mid-2022, was initially focused on stealing banking credentials from users in Southeast Asia, but later crossed borders into other countries including Peru. It has since evolved into a fake loan malware and is capable of screen recording and mimicking tapping by users to bypass 2FA. The malware contains artifacts in the Chinese language and has been observed mimicking apps from companies in Thailand and Peru. 

“As Kaspersky’s mobile threats report shows, Android malware and riskware activity surged in 2023 after two years of relative calm, returning to levels seen in 2021 by the end of the year,” said Jornt van der Wiel, senior security researcher at Kaspersky’s GReAT. “Users should exercise caution and should avoid downloading apps from unofficial sources, meticulously reviewing app permissions. Frequently, these apps lack exploitation functionality and depend solely on permissions granted by the user. Furthermore, using anti-malware tools can help preserve the integrity of your Android device.”

In 2023, Kaspersky solutions blocked nearly 33.8 million attacks on mobile devices from malware, adware, and riskware, a 50% increase over the previous year's figures.

Read the full report on new Android malware on Securelist.com.  

To protect your Android device, follow these recommendations: 

· It’s safer to download your apps only from official stores like Google Play. Apps from this market are not 100% secure, but at least they are checked by shop representatives and there is a certain filtering system — not every app qualifies for listing in these stores.

· Check the permissions of the apps that you use and think carefully before granting them, especially when it comes to high-risk permissions such as those related to Accessibility Services.

· A reliable security solution helps you detect malicious apps and adware before they start behaving badly on your devices. Conveniently, you can get protection, like Kaspersky Premium, directly from mobile operators.

· A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.

About Kaspersky 

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and specialized security solutions and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.  
