It seems like every month, mobile users have some new scary virus to worry about.
This month is no exception. A new piece of malware called Mazar Bot can purportedly root and wipe Android smartphones.
The malware is delivered by SMS and is able to grant itself root access to your device.
It also installs potentially dangerous software – like Tor – that the malware can automatically use to access illegal content online. And finally, to put the cherry on top, the malware can even wipe out a user’s phone.
How Does the Mazar Bot Malware Work?
The malware was discovered by Heimdal Security. Researchers at that company analyzed text messages that had been sent to random numbers.
Those text messages claim to link to an MMS – a multimedia message – but in reality, they just trick users into downloading and installing something called mms.apk, which is the Mazar Android Bot in disguise.
Here’s what the message looks like:
“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message”
Most Android users would take one look at that message and say “nope”. But for those of you misinformed enough to click on it, you’re not going to see a photo or video.
Instead, the “MMS Messaging” app you just installed will use administrator privileges to gain access to permissions like SEND_SMS, READ_PHONE_STATE, and ERASE_PHONE – all of which are permissions you don’t want any app to get its hands on.
After the malware has been installed, it will automatically install Tor before connecting to an Onion server and sending an SMS to an Iranian phone number. That SMS will reveal the victim’s location.
At this point, the malware can perform a variety of scary functions, including:
-Open a backdoor into your Android smartphone to monitor and control everything on your phone
-Send SMS messages to premium numbers, which significantly increases the victim’s phone bill
-Read SMS messages, which means it can access authentication codes sent to you as part of two-step verification and other security measures
-Manipulate your Android however it likes because it has full access
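An added example (not from Heimdal Security or the original article): a Python check a defender could run over an app's decoded AndroidManifest.xml, for instance the text form produced by apktool, to flag the combination described above of SMS and phone-state permissions together with a device-administrator receiver. The sample manifest, package name and verdict labels are constructed for illustration; READ_SMS, RECEIVE_SMS and BIND_DEVICE_ADMIN are standard Android names that the article itself does not list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {
    "android.permission.SEND_SMS": "can send SMS (premium-rate charges)",
    "android.permission.READ_SMS": "can read SMS (two-step verification codes)",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
}
OTHER_PERMS = {
    "android.permission.READ_PHONE_STATE": "can read phone number and device identifiers",
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample: decoded manifest of a hypothetical "MMS Messaging" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mmsmessaging">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="MMS Messaging">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (findings, verdict) for a decoded AndroidManifest.xml string."""
    # A manifest from an unknown APK is untrusted XML; a hardened parser such
    # as defusedxml is preferable to the standard library outside of a demo.
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    sms = [f"{p}: {why}" for p, why in SMS_PERMS.items() if p in requested]
    other = [f"{p}: {why}" for p, why in OTHER_PERMS.items() if p in requested]
    # A receiver guarded by BIND_DEVICE_ADMIN means the app will ask to become
    # a device administrator, the role through which a phone can be wiped.
    admin = [f"device admin receiver: {r.get(ANDROID_NS + 'name')}"
             for r in root.iter("receiver")
             if r.get(ANDROID_NS + "permission") == DEVICE_ADMIN]
    findings = sms + other + admin
    if sms and admin:
        verdict = "high"      # SMS access combined with device admin
    elif findings:
        verdict = "review"    # some sensitive capability, judge in context
    else:
        verdict = "ok"
    return findings, verdict
```
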
Doesn’t Work on Russian Androids
One of the most unusual aspects of the Mazar Bot malware is that it does not infect Android devices whose language is set to Russian.
Some people have taken this to mean that the malware is Russian in origin.
In any case, Mazar Bot isn’t exactly new: it was first spotted back in November. However, back then, it was only spotted in malicious advertisements on the dark web. Starting in February, it’s been spotted in the wild, ready to infect unsuspecting users just like you.