A new Android malware has been discovered that can wipe a mobile device and read personal messages. Named Mazar bot, it is delivered via SMS, gains root access to devices and installs software. It was discovered by Heimdal Security researchers, who analyzed a text message that was sent to random numbers.
How does Mazar bot affect a mobile device?
A user receives a text message with a malicious link to an APK. The message reads as follows:
“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]Net/mms.apk to view your message”
When a user clicks on this link, they are asked to download a package containing a malicious APK named “MMS Messaging”. Once this APK is installed, the malicious code embedded inside it grants the app administrator privileges. This permits attackers to retrieve device data and text messages, monitor calls and root the device.
Attackers can read the two-factor authentication codes sent to the mobile device by social media accounts and online banking sites. Before this, an Internet technology company named Recorded Future discovered the Mazar APK back in November 2015. According to the company, the malware was able to download and run Tor on infected devices. After that, Mazar connects them to Onion servers and its own command and control centers.
Interestingly, this malware cannot be downloaded and installed on Russian-based Android devices. During installation, the malicious APK checks the device’s listed country and stops the installation if the device belongs to a Russian user.
To avoid putting your sensitive data at stake, it’s better to avoid clicking on the links that appear in MMS or SMS messages received from unknown users.
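One way an SMS gateway or mobile security filter could flag the lure quoted above, as an added example (not code from the article or from Heimdal): it flags message bodies that link to an `.apk` file and escalates when the text also poses as an MMS notification. The function names, verdict labels and the two `example.test` messages are constructed for illustration.

```python
"""Flag SMS texts that link to an Android package (.apk)."""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
LURE_RE = re.compile(r"multimedia message|\bmms\b", re.IGNORECASE)


def apk_links(sms_text):
    """Return defanged URLs from the text whose path ends in .apk."""
    hits = []
    for raw in URL_RE.findall(sms_text):
        # Accept already-defanged input ("host[.]net") and trim punctuation.
        url = raw.replace("[.]", ".").rstrip(".,;)")
        try:
            path = urlparse(url).path
        except ValueError:  # malformed host, nothing to inspect
            continue
        if path.lower().endswith(".apk"):
            hits.append(url.replace(".", "[.]"))  # defang again for safe logging
    return hits


def classify_sms(sms_text):
    """Return (verdict, reasons, links) for one message body."""
    links = apk_links(sms_text)
    if not links:
        return ("allow", [], [])
    reasons = ["links to an APK file"]
    # Look for MMS-notification wording outside the URLs themselves.
    if LURE_RE.search(URL_RE.sub(" ", sms_text)):
        reasons.append("poses as an MMS notification")
    verdict = "block" if len(reasons) == 2 else "review"
    return (verdict, reasons, links)


# Lure text as quoted in the article, plus two constructed messages.
SAMPLES = [
    "You have received a multimedia message from +[country code] [sender number] "
    "Follow the link http://www.mmsforyou[.]Net/mms.apk to view your message",
    "Constructed: new build at https://example.test/files/App.APK?id=3",
    "Constructed: your parcel status https://example.test/track/123",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify_sms(body))
```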