Mazar BOT Malware Could Wipe Your Android Smartphone

A new bit of malware lets hackers gain administrator access to Android devices using only text messages. The malware, dubbed Mazar BOT, was discovered in the wild by Dutch digital security firm Heimdal Security. Mazar BOT allows an attacker to make, send, and receive SMS messages from the compromised device, make phone calls, access the Internet, and even erase the device completely, according to a blog post by the company.

The attack works by sending a text message informing the user that he has received a multimedia message and instructing him to click on a link to download it. When a user clicks on the link, a malicious APK (Android application package file) is downloaded instead, which in turn retrieves Tor, a legitimate Android app, and installs it on the device. Once the Tor app is installed, the malware can surf the Internet anonymously via the Tor network. It can then send the data and other communications it steals over the anonymous network.

Complete Remote Control

The hack opens users up to a veritable Pandora's box of malicious behavior. Among other things, Mazar BOT lets an attacker open a backdoor to a device, as well as monitor and control the device remotely. The hacker can also force the device to send premium SMS texts to run up a user's phone bill. By reading SMS texts, the hackers can read identification codes sent as part of two-factor authentication mechanisms.

That capability already gives the hackers a massive amount of control. But the Mazar BOT is only part of the attack. The hackers also set up a Polipo proxy, which criminals can use to carry out man-in-the-middle attacks between victims' phones and Web services, and can stop phone calls and launch other aggressive commands.

The malware is also able to inject itself into the Chrome...
