Beware the Android virus that can WIPE your phone: Experts warn users that malware spread by text

R.B

JF-Expert Member
May 10, 2012
Beware the Android virus that can WIPE your phone: Experts warn users that malware is being spread by text message
  • Mazar is spread by a harmless-looking link sent via a text message
  • Security experts say 100,000 phones in Denmark alone received the links
  • The malware only installs on phones not set to use Russian language
  • This provides clues the malware is being used by Russian cyber criminals
Owners of Android phones have been warned to beware of powerful malware being spread by text message which can wipe handsets and read text messages.

The Mazar malware is downloaded when users click on an innocuous-looking link designed to look like a multimedia message.

When selected, it installs software that enables anonymous internet connections to the phone and gives those who connect to it administrator rights.

Malware that is being spread by text message allows cybercriminals to take control of mobile devices running Google's Android operating system. It allows them to read text messages, make calls, eavesdrop on internet use and even wipe phones entirely. A stock image of an Android mobile phone is pictured

This would allow them to read text messages, monitor the phone's use, make calls or wipe handsets entirely.

Danish internet security firm Heimdal Security estimates the malicious text messages have been received by at least 100,000 Android phones in Denmark alone.


They said the full extent of the spread of the malicious software in other parts of the world is still not known.

WHAT MAZAR DOES TO PHONES
According to internet security firm Heimdal, the Mazar malware allows attackers to take control of a victim's phone.

This allows them to:

  • Monitor the device
  • Send SMS messages to premium channel numbers, seriously increasing the victim’s phone bill
  • Read SMS messages
  • Eavesdrop on internet use
  • Read authentication codes sent by online banking apps and ecommerce websites
  • Change the phone's settings
  • Wipe the phone entirely

However, they added that the malware will not install on phones where the language setting is set to Russian, perhaps providing clues as to its origin.

It will also only work on phones where a default setting that prevents software from untrusted sources being installed has been unchecked.

Andra Zaharia, a security specialist at Heimdal, said in a blog post: 'This specific mobile malware opens the doors to all kinds of malicious consequences for the victim.

'Attackers can open a backdoor into Android smartphones, to monitor and control them as they please and use their full access to Android phones to basically manipulate the device to do whatever they want.'

Among the actions the malware allows attackers to take is sending SMS messages to premium channel numbers, increasing the victim's phone bill.

They can also read SMS messages, which Miss Zaharia warns also allows them to read the authentication codes sent by online banking apps and e-commerce websites.

Elsewhere, the Mazar BOT allows cybercriminals to interpose themselves between the victim's phone and a web-based service so they can see all information sent over the internet.

The malware is spread by multimedia messages that link to sites that appear to be innocuous pages for downloading apps. It installs software that gives cyber criminals access to the phone (left). Experts say turning off security settings that allow apps from unknown sources can help to protect devices (right)

By following harmless-looking URLs (pictured), the malware installs TOR software on the victim's phone. Experts recommend Android users protect themselves by never clicking on links in messages

It even allows attackers to take control of the phone's settings and keys.

Miss Zaharia explained the Mazar Bot has been advertised for sale on several websites on the Dark Web.

'This is the first time we've seen this code be abused in active attacks,' she said.

HOW TO PROTECT YOUR PHONE FROM THE MAZAR MALWARE
Online security experts Heimdal recommend taking a number of steps to protect against infection by the Mazar malware.

1. Never click on links in SMS or MMS messages on your phone

2. Go to Settings > Security and turn off the option that allows installation of apps from unknown sources

3. Install antivirus software for Android

4. Do not connect to unknown or unsecured WiFi hotspots

5. Install a VPN on your smartphone

'Attackers may be testing this new type of Android malware to see how they can improve their tactics and reach their final goals, which probably is making more money.'

Experts recommend Android users protect themselves by never clicking on links in SMS and MMS messages.

They also advise turning off a security setting that allows the installation of apps from sources other than the Android Play Store.

David Jevans, vice president of mobile security at cybersecurity firm Proofpoint, said there were a number of clues that point to Russia as the origin of the malware.

He said: 'Another clue that it may be targeted for use by Russian cyber criminals is that the administration user interface for the criminals, which is used to monitor infected Android devices and steal credentials from their users, is in Russian.

'This control panel is very similar in appearance to botnet control panels that have historically been used by online banking criminals that target PC computers.

'However, there are a number of potentially fake diversions. For example, text messages about successful installation are sent to a phone number in Iran. This is almost certainly a decoy.
 