Mazar Bot is a newly discovered Android malware that spreads via SMS. Its malicious code allows it to read incoming SMS messages and to reply to or send messages on its own. The malware can also make calls to numbers saved in the phone book, disrupt Chrome, use the Internet or any other network, read the contents of the phone and erase the phone's contents completely. Security researchers at Heimdal Security discovered this malware recently and analyzed a text message sent to several random mobile numbers. The SMS/MMS in question has the following contents.
“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message.”
If the APK file is run on an Android smartphone, it gains administrator rights to read, write and modify data on the victim's device. This gives the attackers access to permissions such as:
- Send SMS
- Receive boot completed
- Internet access
- System alert window
- Receiving SMS
- Read SMS
- Send SMS
- Status of the access network
- Service lock
- Get task
- Phone call
- Read Phone Status
- Erase phone
- All rights All Android-Mazar-i-Admin
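As an added example (not code from Heimdal Security or from the malware itself), the Python below audits an app's decoded AndroidManifest.xml and device-admin policy file for the permission combination listed above. The mapping from the listed capabilities to Android permission names, the package name and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the capabilities listed above to Android permission names.
CAPABILITIES = {
    "intercept SMS": {"RECEIVE_SMS", "READ_SMS"},
    "send SMS": {"SEND_SMS"},
    "start at boot": {"RECEIVE_BOOT_COMPLETED"},
    "draw over other apps": {"SYSTEM_ALERT_WINDOW"},
    "place calls": {"CALL_PHONE"},
}

# Constructed sample files (already decoded to text XML), not from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mmsviewer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
SAMPLE_POLICIES = """<device-admin>
  <uses-policies><wipe-data/><force-lock/></uses-policies>
</device-admin>"""

def audit(manifest_xml, policies_xml=None):
    """Return the capabilities an app requests, in CAPABILITIES order."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name", "").rsplit(".", 1)[-1]
             for el in root.iter("uses-permission")}
    found = [cap for cap, need in CAPABILITIES.items() if need <= perms]
    # A receiver guarded by BIND_DEVICE_ADMIN asks to become device administrator.
    if any(r.get(ANDROID + "permission", "").endswith(".BIND_DEVICE_ADMIN")
           for r in root.iter("receiver")):
        found.append("device administrator")
        # The admin policy file states what that administrator may do.
        if policies_xml and ET.fromstring(policies_xml).find(
                "uses-policies/wipe-data") is not None:
            found.append("erase phone")
    return found

def is_high_risk(found):
    """SMS interception combined with device admin is the pattern described above."""
    return {"intercept SMS", "device administrator"} <= set(found)
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text (for example with apktool) before it can be parsed this way.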
Workings of Mazar BOT Android Malware
1. The malicious APK was identified as Mazar Android BOT, a threat that Recorded Future noticed in November 2015.
2. The malware package (APK) retrieves TOR and installs it on the victim's phone from the following harmless URLs:
- https://f-droid.org/repository/browse/?fdid=org.torproject.android
- https://play.google.com/store/apps/details?id=org.torproject.android
3. In the next phase of the attack, the infection unpacks and runs the TOR application, which is then used to connect to the following server: http://pc35hiptpcwqezgs[.]onion
4. After this, an automated SMS is sent to the number 9876543210 (98 is the country code for Iran) with the text message: “Thank you.” The catch is that this SMS also includes the device's location data.
Mazar BOT Android malware damaging effects
This mobile malware opens the door to all kinds of harmful consequences for the victim and allows attackers to perform unethical tasks, such as:
- Open a back door on the Android smartphone to monitor and manage it as they please;
- Send SMS messages to premium-rate numbers, seriously increasing the victim's phone bill;
- Read SMS messages, which means they can also read authentication codes sent as part of two-factor authentication mechanisms, which are also used by online banking applications and e-commerce sites;
- Use their full access to the Android phone to control the device and do whatever they want.
- It can get even worse.
Mazar BOT will not work on Russian Android smart-phones
In addition, it is very surprising that the malware cannot be installed on smartphones running Android with Russian set as the language. Mazar BOT checks the phone to determine the victim's country, and it stops the malicious APK if the target phone is set to the Russian language. Until now, Mazar BOT Android malware has not been advertised for sale at several sites on the Dark Web, but this is the first time we’ve seen this code abused in active attacks. Attackers may be experimenting with this new type of Android malware to see how they can improve their tactics and achieve their ultimate goal, which is likely to make more money (as always). You can expect this malware to expand its reach, partly because of its ability to remain hidden by using TOR to conceal its communication.
Read more about Russian refusal – http://www.bbc.com/news/technology-35586446
How To Delete Android Mazar BOT Malware On Android
There are a few things you can do to keep your phone safe from Mazar BOT, and we recommend that you take a moment now to check and adjust these settings.
- First of all, NEVER click on links in SMS or MMS messages on your phone. Android phones are known to be vulnerable, and current security products dedicated to this operating system are not as effective as they are on computers.
- Go to Settings > Security and make sure that this option is disabled: “Unknown sources – Allow installation of apps from sources other than play-store.”
- Install a top antivirus for Android. It may not be enough to protect your phone, but it’s certainly nice to have. You can find top-rated options in this article.
- Do not connect to unknown and unprotected Wi-Fi access points. There are many dangers lurking there, and it is best to follow a few common-sense steps to keep yourself safe from them. Also, keep your Wi-Fi off when you are not using it.
- Install a VPN on your smartphone and use it constantly. This is good for both your privacy and your safety.
- Maintain a cautious attitude at all times. Android security has not kept up with the high rate of adoption of smartphones running this operating system, and users will have to wait a long time for more effective security solutions. Until then, careful monitoring and assessment of what is going on on your smartphone is the only way to safeguard it.