Danish security firm Heimdal has detected a nasty piece of malware that spreads via SMS and tricks users into downloading a malicious app. The text message containing the download link has already been sent to 100,000 phones in Denmark, though common-sense security practices should keep users safe.
The Mazar BOT was spotted in November of last year being sold on the dark web, but this is the first time the malware has been used in an attack. Users are sent a text that tries to get them to tap on a download link for a fake SMS client. The app asks for wide-ranging permissions, including the ability to send SMS, to have full internet access, and to erase a phone.
Once on a device, the app installs Tor, connects to a server, and sends a message that includes the device’s location. The malware will forward all internet connections through a malicious proxy, acting as a man-in-the-middle to steal passwords and other credentials. Interestingly, the malware will not install on phones with the language set to Russian, possibly hinting at its origin.
Users can take simple steps to avoid being infected. First off, users should not click on links in text messages from unfamiliar senders and should not install unknown apps. Additionally, most users should make sure unknown sources cannot install apps (Settings > Security > Unknown sources).