We have already published about a recent discovery of the Quadrooter family of vulnerabilities by the researchers at the Lookout labs. To summarize, Quadrooter is a set of four vulnerabilities found in the Android kernel that can be used by a malicious program to gain access to the root user without any knowledge of the user. Apparently, the Quadrooter family of vulnerabilities are already being used by various malicious programs including Tordow – a recent Android trojan discovered by Kaspersky Labs.
Tordow is a banking trojan that steals all the stored banking trojans from your Android smartphone. This trojan comes packed with the APK app files that you download from untrustworthy sources. After gaining access to the root user in Android, it aims to steal all the sensitive information about the owner of the Android smartphone. Tordow is very clever and after stealing all it can from a victim’s device, it automatically gives up the root user privileges.
According to the Kaspersky Labs, this trojan comes piggybacked with some other popular apps if you download them from untrustworthy or suspicious sources. It is known to come bundled with modified versions of apps like Pokemon Go, Telegram and Subway Surfer.
As such you can easily protect yourself from Tordow and other similar malware that exploit Quadrooter family of vulnerabilities by disabling the installation of apps from unknown sources. For this, in your Android smartphone, you can open the settings, choose Security and then make sure that the Unknown sources option is disabled.
In addition, you should also install a good antivirus app in your Android smartphone. You have so many choices in this regard – all you have to is search for “antivirus” on the Google Play store and it will instantly list all the antivirus solutions available for your Android smartphone. And if possible, try to get an updated version of firmware (ROM) for your Android device so that your device is no longer affected with any known vulnerabilities.