‘Advanced and nasty’ Android malware discovered
Android users have been warned that new malware could give hackers access to the entire contents of their phone.
Dubbed ‘MazarBOT’, the new piece of malware is delivered via a text that tells users they have a multimedia message which can be accessed by following a link. When clicked, the URL prompts users – via social engineering – to download a fraudulent “MMS Messaging” app. Users are also tricked into giving the app multiple permissions to carry out almost anything on the device.
The first thing MazarBOT does, once installed, is download the Tor browser (to access websites anonymously). This helps it to evade authorities, as messages are pinged across numerous locations. Next, information on the device’s whereabouts is sent via SMS to a mobile phone registered in Iran.
Avoid MazarBOT by switching your language settings to Russian!
Though there’s an Iranian link, MazarBOT first emerged on underground Russian forums, where it was available for purchase. Most interestingly, it will not activate on any devices that have their language settings as Russian. This offers a glimpse into where the malware most probably originated, as developers will often build in ways and means of preventing themselves from accidentally becoming victims of their own creations.
Android devices infected with MazarBOT are exposed to any number of malicious actions. Hackers can, for example, monitor and control devices via a back door. They can also send messages to premium-rate numbers or intercept the two-factor authentication codes that banks and similar services use to make registration much safer.
Cybercriminals could also launch so-called ‘man-in-the-middle’ attacks, in which they intercept communications between two devices before sending them on their way. This allows hackers not only to read private communications but also to alter messages.
Though the highest proportion of MazarBOT messages were sent to Danish Android owners, security group CSIS says it could move across Europe and the wider world very soon.
Peter Kruse, partner and security specialist at the firm, told csis.dk: “MazarBOT is (a) pretty advanced and nasty Android malware. Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it will most likely succeed in circumventing most online banking protection solutions.”