
New ‘Mazar’ Android malware spreads via SMS, tricks users into granting a malicious app full permissions

Danish security firm Heimdal has detected a nasty piece of malware that spreads via SMS and tricks users into downloading a malicious app. The text message containing the download link has already been sent to 100,000 phones in Denmark, though common-sense security practices should keep users safe.

The Mazar BOT was spotted in November of last year being sold on the dark web, but this is the first time the virus has been used in an attack. Users are sent a text that tries to get them to tap on a download link for a fake SMS client. The app asks for wide-ranging permissions, including the ability to send SMS, full internet access, and the ability to erase a phone.

Once on a device, the app installs TOR, connects to a server, and sends a message that includes the device’s location. The malware then forwards all internet connections through a malicious proxy, putting the attacker in a man-in-the-middle position to steal passwords and other credentials. Interestingly, the malware will not install on phones with the language set to Russian, possibly hinting at its origin.

Users can take simple steps to avoid being infected. First off, users should not tap on links in text messages from unknown senders and should not install unknown apps. Additionally, most users should make sure that installing apps from unknown sources is disabled (Settings > Security > Unknown sources).
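For anyone vetting an APK before it reaches a phone, the permission combination described above can be checked from the decoded manifest. This is an added example, not code from the article or from Heimdal: it assumes the manifest and device-admin policy file are already decoded to text XML, maps the article's three capabilities to the standard Android identifiers, and uses a constructed package name and sample XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical fake SMS client.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakesms">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: the device-admin policy file shipped in the same APK.
SAMPLE_POLICIES = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><wipe-data/><force-lock/></uses-policies>
</device-admin>"""


def triage(manifest_xml, policies_xml=None):
    """Return findings that match the capabilities named in the article."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = []
    if "android.permission.SEND_SMS" in perms:
        findings.append("can send SMS")
    if "android.permission.INTERNET" in perms:
        findings.append("full internet access")
    # A receiver guarded by BIND_DEVICE_ADMIN means the app asks to be a device administrator.
    is_admin = any(r.get(ANDROID_NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                   for r in root.iter("receiver"))
    if is_admin:
        findings.append("requests device administrator")
        # The erase capability is declared as <wipe-data/> in the policy file.
        if policies_xml and ET.fromstring(policies_xml).find("./uses-policies/wipe-data") is not None:
            findings.append("can erase the device")
    return findings


def is_high_risk(findings):
    """SMS + internet + erase together is the combination described above."""
    return {"can send SMS", "full internet access", "can erase the device"} <= set(findings)


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_POLICIES))
```

A legitimate SMS client may need the first two permissions; it is the addition of device-administrator wipe rights that makes the set worth blocking or escalating.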



Author

Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com