It’s completely understandable if checking your voicemail on your smartphone has become a dull chore. These days, people trying to reach you likely do so via email or text message. If you want to talk to someone using your actual voice, you may prefer using Skype or Google Hangouts or one of a plethora of other VoIP (voice over internet protocol) apps. And sometimes, older people might try to reach you through an old-fashioned phone call. If you see a notification on your phone that says you have voicemail, chances are it’s grandma, your dentist, or a phone scammer. It’s a tedious routine to have to navigate your voicemail system with your dial pad, but it’s a necessary task.



We typically use our phone dial pad to navigate our voicemail system, right? Press “1” to play your messages, press “7” while listening to a message to delete it, and so on and so forth. As long as you know your carrier’s voicemail system number, your cell number, and your authentication PIN, you could use an old school touchtone payphone to play and delete your voicemail messages. It’s true!

It’s pretty common to get automated text messages from unknown numbers for legitimate commercial purposes. For example, if you order something on an e-commerce site, you might get text messages from the courier company with tracker updates about where your package is right now. If you order something from a food delivery app, you might get automated text messages about your food order. You even get messages from would-be politicians right before big elections. Get enough of those legitimate automated text messages, and you might let down your guard and trust all of them by reflex.

Cyber attackers may send you a nasty message.

So you might get another text message from an unknown number on your Android phone—something like “You have (2) messages, to enjoy them use <link to an app>.” And you think, “I don’t want to miss any important voicemails, so I better download that app!”

Well, don’t. Touchtone controlled voicemail systems, like email, are a standardized technology. No one tech company owns them. You will never need a special app in order to listen to your voicemail messages. Just use the phone app that was pre-installed on your phone. You could access your voicemail from any touch tone-capable phone if you know how to log into it. That means you will never need a proprietary app in order to access your voicemail—you could even use a landline phone that was manufactured in the 1980s if that’s all you had.

If you clicked on the link in the text message telling you to download an app in order to listen to your voicemail, it’s quite possible that a cyber attacker has put malware on your Android phone. An iPhone can’t install apps from outside of the App Store without being jailbroken, which means it’s much harder to hack an iPhone to do things that Apple doesn’t approve. But on Android phones, you can choose to allow apps from outside of the Google Play Store without any hacking necessary—just go into your settings to enable them.

TimpDoor is bad news.

A new malware app for Android has been found by researchers, and it’s called TimpDoor. That nasty text message is an example of phishing; using a fake website, email, or text message in order to fool you. Text messages that say something like “You have (2) messages, to enjoy them use <link to an app>” have been found to entice victims to install the TimpDoor malware. If your Android phone has been configured to allow outside apps, that link will work to give cyber attackers access to your device. It’s much easier to get malware on an Android phone than an iPhone in that way, because apps in Apple’s App Store and the Google Play Store are screened to make sure that they aren’t malware.

Usually only a tech nerd who knows how to jailbreak their iPhone can get apps from outside of the App Store. But malware apps from unknown sources are easy to get onto Android phones if you can fool the user into clicking on a link! And if you do click on the malicious link, TimpDoor has a user interface that makes it look like a professionally developed legitimate app. You know how when you install a new app and launch it for the first time there may be screens that advertise and explain the app’s useful features? It’s just like that.

This is what TimpDoor does.

If you are tricked into installing TimpDoor, a Socks proxy will start on your phone that gives the bad guys an easy way to access it. A Socks proxy is basically an old internet protocol that ordinary people seldom use, but which allows other computers to access your computer or phone. When cyber attackers use a Socks proxy on your phone, they can bypass the existing security software, such as firewalls and antivirus apps. Your security software probably won’t be able to warn you that something bad is happening!

Once the cyber attackers behind TimpDoor have opened a Socks proxy on your phone, they encrypt their communications so they won’t be easy to trace. Very sneaky, indeed. The internet protocol they use to encrypt their communications is something called SSH. It is most often used in a good way so cyber attackers can’t access a communication channel that can allow them to administrate your phone or PC against your will. But TimpDoor’s cyber attackers are using SSH so they can’t be easily traced, and so we can’t see what they’re doing.

Once the Socks proxy is launched on your phone and the cyber attackers have an SSH connection to you, they will gather sensitive information about your phone such as device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP addresses. If the cyber attacker has that sort of information about your phone, they’ll know what other types of cyber attacks will work because different versions of Android and different models of Android phones may have a different set of vulnerabilities that they can exploit.

Researchers have followed an IP address that the cyber attackers are using, and they found a command and control server with a huge collection of other Android malware apps. That probably indicates that they’ll use the connection they have to your phone to send you even more malware! The malware can do terrible things like read your emails and text messages. They may even be able to see what you see on your phone screen any time they want.

Researchers have found that at least 5,000 Android phones have been hit by the TimpDoor cyber attack, and that it’s probably existed since March. The latest version of the TimpDoor malware is from late August, and there are likely new versions of TimpDoor on the way.

If you don’t want to risk being fooled into installing an app that’s possibly malware from outside of the Google Play Store, go to your settings app and look for something like “install unknown apps” under your App settings. Turn it off! And never, ever click on a link from some person or some company that you don’t know—that’s your safest bet.


Share this article

mail envelope

Subscribe to our blog

Stay up to date with the latest marketing, sales and service tips and news.

Worked in a variety of IT roles until cybersecurity captured her intrigue after resolving a multitude of different malware problems for clients. Concurrently with computer technology, she enjoys creative writing and even won a few writing contests as a child. Over the years, these interests have segued into a successful blogging career. She enjoys reading novels and biographies, console gaming, lurking in web forums, alternative fashion and listening to jazz, funk, and goth music.

Post a comment