Android malware hijacks smartphones
Security experts have discovered a new malware strain capable of controlling the device and erasing all its data
Android smartphone users are facing a new strain of mobile malware, dubbed Mazar Bot, which provides attackers complete administration rights to monitor and control every aspect of the device.
This new malware is unlike other Android exploits as it targets users with a direct message instead of going through a third-party application download. Security experts at Heimdal Security said Mazar Bot spreads malware exploits through SMS and MMS messaging and creates a malicious link, which reads:
‘You have received a multimedia message from +[country code] [sender number] Follow the link http: //www.mmsforyou [.] Net / mms.apk to view the message.'
If installed, the malicious code spreads through the phone and creates havoc. It is able to send malicious text messages, anonymously access the Internet, put the phone into sleep mode and most worryingly, erase content from the device and access authentication codes used for online banking and social media accounts.
Mazar Bot can also secretly download Tor which enables it to connect anonymously to the Internet to the alert the attacker that the device has been compromised. Furthermore, it can install the Android-based Polipo Proxy application, enabling the attacker to spy on all Internet traffic passing through the smartphone.
According to Andra Zaharia, security specialist at Heimdal Security, this could prompt Man-in-the-Middle attacks, which are often used to steal sensitive details, such as personal banking credentials.
Heimdal Security experts suggests the attackers are Russian and say the malware is only likely to evolve in the coming months.
"Attackers may be testing this new type of Android malware to see how they can improve their tactics and reach their final goals, which probably is making more money," said Zaharia. "We can expect this malware to expand its reach."