Another piece of malware is now targeting Android devices. Heimdal Security, a Denmark-based security solutions company, has discovered that a malicious APK, dubbed the Mazar BOT, has been targeting and infecting Android devices.
The Mazar BOT arrives as a harmless-looking SMS or MMS containing a link for viewing the message. Clicking on the link initiates the infection: it tries to download and install an app. However, the app gets installed only if the user allows it. Smartphone users who are savvy enough not to install apps from unknown sources are safe. But those who install apps from stores other than the Google Play Store or other reputable sources are definitely at risk.
Once the app is installed, it gains administrator access to the Android device. This allows it to intercept incoming SMS, send SMS, view posts, make calls, hijack the Chrome browser, and also wipe the device. The app retrieves Tor, installs it, and then runs it. This opens a connection to an external server (owned or used by cyber criminals for conducting malicious activities), which could serve as a backdoor allowing cyber criminals to monitor and take complete control of the smartphone.
Because the malware can send SMS, it could send premium-rate messages and run up a bill for the user. And because it can read SMS, it could be privy to the passwords, PINs and other sensitive authentication information received through SMS. Furthermore, the malware implements the Polipo proxy, which could allow the cybercriminals who control the malware to launch Man-in-the-Middle attacks.
However, if the smartphone was running with the Russian language option, the device did not get infected. Maybe the owner of the malware is a Russian patriot. A post on Recorded Future mentions a cyber crime forum that offers the Mazar Android bot for sale, and the seller claims that the bot works on all versions of Android.
Being cautious never hurts. Following basic precautions, such as not clicking on links received through SMS or MMS, installing apps only from the Google Play Store, and not connecting to public Wi-Fi hotspots that could be insecure, could prevent these types of malware attacks and the loss of data on the smartphone.
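To check a device for the condition described above (a sideloaded app holding device administrator rights), the following added example, which is not from Heimdal Security or the original article, cross-references the output of `adb shell pm list packages -i -3` with `adb shell dumpsys device_policy`. The sample output and package names are constructed, the exact `dumpsys` layout varies between Android versions, and treating only Google Play as a trusted installer is an assumption.

```python
import re

# Assumption: only apps installed by Google Play count as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map third-party package -> installer from `pm list packages -i -3`."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_device_admins(dumpsys_output):
    """Return packages listed under 'Enabled Device Admins' in `dumpsys device_policy`."""
    admins, in_section = [], False
    for line in dumpsys_output.splitlines():
        if "Enabled Device Admins" in line:
            in_section = True
            continue
        # Admin entries look like '    <package>/<receiver class>:'
        m = re.match(r"\s+([\w.]+)/[\w.$]+:\s*$", line) if in_section else None
        if m:
            admins.append(m.group(1))
    return admins

def risky_admins(pm_output, dumpsys_output):
    """Third-party device admins that were not installed by a trusted store."""
    installers = parse_installers(pm_output)
    return sorted(p for p in parse_device_admins(dumpsys_output)
                  if p in installers and installers[p] not in TRUSTED_INSTALLERS)

# Constructed sample output (hypothetical package names).
SAMPLE_PM = """\
package:com.example.chat  installer=com.android.vending
package:com.example.mmsviewer  installer=null
package:com.example.notes  installer=com.android.vending
"""
SAMPLE_DPM = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 3):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10013
    com.example.mmsviewer/.AdminReceiver:
      uid=10120
    com.example.notes/.LockReceiver:
      uid=10121
"""

if __name__ == "__main__":
    print(risky_admins(SAMPLE_PM, SAMPLE_DPM))
```

Any package this reports should have its administrator rights revoked in the device's security settings before it is uninstalled.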
Installing an effective antivirus program such as Comodo’s Antivirus for Android, which protects against malware, unsafe apps and high-risk settings and also protects privacy, could help protect against the Mazar BOT and other malware. Furthermore, the traffic monitoring feature, which is a unique feature of Comodo’s Android Antivirus product, helps prevent Man-in-the-Middle attacks.