Mazar BOT Malware Could Wipe Your Android Smartphone
By Jef Cozza / CRM Daily
A new bit of malware lets hackers gain administrator access to Android devices using only text messages. The malware, dubbed Mazar BOT, was discovered in the wild by Dutch digital security firm Heimdal Security. Mazar BOT allows an attacker to make, send, and receive SMS messages from the compromised device, make phone calls, access the Internet, and even erase the device completely, according to a blog post by the company.

The attack works by sending a text message informing the user that he has received a multimedia message and instructing him to click on a link to download it. When a user clicks on the link, a malicious APK (Android application package file) is downloaded instead, which in turn retrieves Tor, a legitimate Android app, and installs it on the device. Once the Tor app is installed, the malware can surf the Internet anonymously via the Tor network. It can then send the data and other communications it steals over the anonymous network.
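As an added example (not from the article or from Heimdal), here is a small Python triage function that a mobile security or SMS-gateway team could run over message bodies to flag the delivery pattern described above: a text claiming a multimedia message is waiting, with a link that leads to an APK outside the Play store. The lure wording, the trusted-host list, the `.apk` suffix check and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: wording typical of a "you have a multimedia message" lure.
LURE = re.compile(r"\b(mms|multimedia message)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
# Assumption: hosts accepted as app sources, following the article's advice
# to install only from the Google Play store.
TRUSTED_HOSTS = {"play.google.com"}


def triage_sms(body):
    """Return (score, reasons) for one SMS body; a score of 2 or more merits review."""
    reasons = []
    urls = [u.rstrip(".,;)") for u in URL.findall(body)]
    if not urls:
        return 0, reasons  # no link, so nothing for the user to click
    if LURE.search(body):
        reasons.append("claims a multimedia message is waiting")
    for u in urls:
        parsed = urlparse(u)
        host = (parsed.hostname or "").lower()
        if host in TRUSTED_HOSTS:
            continue
        for reason in (f"link to non-store host {host}",
                       "link points directly at an APK file"
                       if parsed.path.lower().endswith(".apk") else None):
            if reason and reason not in reasons:
                reasons.append(reason)
    return len(reasons), reasons


# Constructed sample messages (not real indicators).
SAMPLES = [
    "You have received a multimedia message. Follow the link "
    "http://mms-view.example.test/mms.apk to view the message.",
    "Track your parcel with our app: "
    "https://play.google.com/store/apps/details?id=com.example.courier",
    "Running late, see you at 7",
    "Photos from the weekend: https://photos.example.test/album/42",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        score, why = triage_sms(sms)
        print(score, why, "<-", sms[:40])
```

A score of 3 means all three signals fired; a lone link to an unknown host scores 1 and would be too noisy to alert on by itself.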

Complete Remote Control

The hack opens users up to a veritable Pandora’s box of malicious behavior. Among other things, Mazar BOT lets an attacker open a backdoor to a device, as well as monitor and control the device remotely. The hacker can also force the device to send premium SMS texts to run up a user’s phone bill. By reading SMS texts, the hackers can read identification codes sent as part of two-factor authentication mechanisms.

That capability already gives the hackers a massive amount of control. But the Mazar BOT is only part of the attack. The hackers also set up a Polipo proxy, which criminals can use to carry out man-in-the-middle attacks between victims' phones and Web services, and can stop phone calls and launch other aggressive commands.

The malware is also able to inject itself into the Chrome server, compounding the damage. And it can give the attacker control of a device's buttons, enable a phone’s sleep mode, and save actions in the phone’s settings.

A Russian Connection

Heimdal said Mazar BOT is currently being sold on the Dark Web, and is already being used in active attacks. So far, Heimdal said it has not been able to determine the country of origin for the APK. However, the malware cannot be installed on Android devices running with the Russian language option, as Mazar shuts off if the device appears to be owned by a Russian user.

“Attackers may be testing this new type of Android malware to see how they can improve their tactics and reach their final goals, which probably is making more money (as always),” Andra Zaharia, a security specialist at Heimdal, wrote on the company blog. “We can expect this malware to expand its reach, also because of its ability to remain covert by using Tor to hide its communication.”

Users with Android phones are urged not to click on links in SMS messages, as they are particularly vulnerable to attacks through that vector. Android users should also change their security settings to prevent apps from sources other than the Google Play store from being installed.

Image Credit: Screenshots via Heimdal Security.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.