Warning over text message that can erase Android phones

Mazar Bot allows an attacker to spy on almost every activity taking place on the victim’s Android smartphone or tablet. It can also infect users’ Chrome browser, force devices into sleep mode or change their settings.

The firm warned that the “insidious mobile malware”, dubbed Mazar, has “crippling options” including giving third-party mayhem rights to hackers.

The Mazar malware uses the Tor network, in an apparent bid to hide both the origin of the malware and the servers it subsequently sends data to.

A new bit of malware lets hackers gain administrator access to Android devices using only text messages.

Once MazarBOT is installed, an attacker is able to send SMS messages to premium numbers, read SMS messages and manipulate the smartphone however they like.

Mazar Bot is hidden in multimedia messages, and gains admin rights on a user’s phone to read banking OTP text messages.

“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message”.

Heimdal noted that the attackers behind Mazar BOT also implemented the Polipo proxy, which is used to cache web pages for offline access, amongst other things.

Heimdal, the aforementioned security firm, has discovered this Android malware called Mazar.

Though the hackers behind these attacks are not yet known, they are thought to be based in the Russian Federation. If you haven’t flipped the “unknown sources” switch on your Android device, the install will be blocked. For the malware to be downloaded, you’d need to click the link, and also have switched off a default device setting that only allows software from trusted sources. Once you’ve done that, you still have to allow the app it tries to download to install. If you aren’t 100 percent certain what you are clicking on, it’s best just to ignore it.

‘Attackers may be testing this new type of Android malware to see how they can improve their tactics and reach their final goals, which probably is making more money’.

The malware is then able to carry out the following commands on the victim’s phone: SEND_SMS, RECEIVE_BOOT_COMPLETED, INTERNET, SYSTEM_ALERT_WINDOW, WRITE_SMS, ACCESS_NETWORK_STATE, WAKE_LOCK, GET_TASKS, CALL_PHONE, RECEIVE_SMS, READ_PHONE_STATE, READ_SMS, and ERASE_PHONE.
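Most of the names in that list are Android manifest permission names, so a sideloaded APK can be triaged against them before anyone installs it. The following is an added example, not code from the article or from Heimdal: it parses the text printed by `aapt dump permissions <apk>`, and the sample outputs, package names and the flagging rule are constructed assumptions.

```python
import re

# Names from the article's list. ERASE_PHONE is left out because it is not
# a standard android.permission name.
MAZAR_LISTED = {
    "SEND_SMS", "RECEIVE_BOOT_COMPLETED", "INTERNET", "SYSTEM_ALERT_WINDOW",
    "WRITE_SMS", "ACCESS_NETWORK_STATE", "WAKE_LOCK", "GET_TASKS",
    "CALL_PHONE", "RECEIVE_SMS", "READ_PHONE_STATE", "READ_SMS",
}
# Accepts both "uses-permission: name='android.permission.X'" and the older
# "uses-permission: android.permission.X" output styles.
PERM_RE = re.compile(
    r"uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?android\.permission\.([A-Z_]+)'?"
)

def requested_permissions(aapt_output):
    """Return the set of short permission names an APK requests."""
    return {m.group(1) for m in PERM_RE.finditer(aapt_output)}

def triage(aapt_output):
    """Score an APK against the listed names and apply an assumed rule."""
    perms = requested_permissions(aapt_output)
    overlap = perms & MAZAR_LISTED
    # Assumed rule: reading SMS, sending SMS, network access and start at
    # boot together cover OTP interception, premium SMS and persistence.
    reads_sms = bool(perms & {"READ_SMS", "RECEIVE_SMS"})
    core = reads_sms and {"SEND_SMS", "INTERNET", "RECEIVE_BOOT_COMPLETED"} <= perms
    return {"overlap": sorted(overlap),
            "coverage": len(overlap) / len(MAZAR_LISTED),
            "flag": core}

# Constructed sample outputs, not taken from a real APK.
SUSPECT = """package: com.example.mmsviewer
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
"""
BENIGN = """package: com.example.torch
uses-permission: android.permission.CAMERA
uses-permission: android.permission.WAKE_LOCK
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for name, out in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(out))
```

A legitimate messaging app requests the same SMS permissions, so a flag here is a reason to check where the APK came from, not a verdict.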