Security

Malware creators find innovative ways to steal your data

Brendyn Lotz

22nd March 2024

Cybercriminals lure on the wants of victims to trick them into downloading malware or accessing compromised websites.
Tambir is a malware variant that parades as an IPTV service but steals banking credentials, SMS messages and records keystrokes.
Dwphon gathers information about others apps and arrives on your smartphone by way of a system update app.

With so many streaming platforms one often finds that multiple subscriptions are required to keep up with your favourite content. This becomes expensive and as such, piracy is a consideration for many, ourselves included.

While piracy isn’t new, it is on the rise as streaming platforms demand increasingly larger bags of money to access a limited catalogue of content. The trouble is that because piracy is illegal, those operating piracy websites aren’t in the business of turning down unscrupulous funders. This means that operators of piracy websites often distributed scam advertising or even malware to unsuspecting viewers.

Among these piracy services are IPTV platforms. While IPTV in and of itself isn’t illegal, the technology is often used to distribute content illegally through platforms that offer access to multiple streaming services for an unbelievably low – or even free – fee.

A team of researchers at Bournemouth University tested a sample of 60 IPTV URLs in 2023 and found that 32 of those URLs were malicious. The risk of encountering malware instead of content is very high.

And that risk extends to mobile phones as well according to Kaspersky. The cybersecurity firm reports that in 2023 it blocked almost 34 million attacks on mobile devices. These attacks range from malware to adware with one of the most popular malware variants using IPTV to lure folks into downloading it.

Dubbed Tambir by Kaspersky, the malware is disguised as an IPTV app but steals banking credentials, messages and keystrokes when installed on an Android smartphone. An attacker can send up to 30 commands to the malware using a command and control server and while attacks mainly occurred in Turkey, cybercrime has no borders.

One of the more recent malware variants spotted by Kaspersky is Dwphon. This malware is noteworthy because it targets smartphones made by Chinese manufacturers. So far, the malware primarily targets the Russian market but, given the popularity of Chinese smartphones locally, Dwphon is a malware variant worth knowing about in South Africa.

“Dwphon is distributed as a component of a system update application and collects information about the device as well as personal data. It also gathers information regarding installed third-party applications and is capable of downloading, installing and deleting other applications on the device. One of the analysed samples also included the Triada trojan, one of the most widespread mobile trojans of 2023, which suggests that Dwphon modules are Triada-related,” Kaspersky explains.

The same malware was also spotted on a smartwatch for children that was distributed in Europe and the Middle East

The upcoming long weekend may be a good time to warn family and friends about the dangers that lurk online. If they insist on using an IPTV service, recommend they at least look for advice on which are safer to use.

We also recommend you help family members who are tech-averse by updating their smartphones, smart TVs, set-top boxes and other devices. Be sure to warn them about apps promising to update or speed up their devices. These apps are usually loaded with adware, malware, or worse.

[Image – Elchinator from Pixabay]

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.