Skip to main content

New malware targets Android users through text messages

Malware is a common security threat on desktop operating systems but now it is also gaining more of a foothold on mobile. A new Android-based malware has been discovered, which is able to grant itself administrator privileges and completely take over a users' device.

This new malware is being called Mazar Android BOT and it is spread via SMS and MMS messages. A user will receive a text message which includes a malicious link to an Android application package (APK). The message will generally look like this:

“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]Net/mms.apk to view your message”

Clicking on the link will prompt the user to download the package containing the malicious APK bearing the generic name 'MMS Messaging' which makes it appear as a legitimate application.

Once it is installed the malicious code embedded inside grants the app administrator privileges. This allows attackers to retrieve device data, monitor calls and text messages, and root the device.

The Mazar malware also has the ability to entirely erase all of the data stored on an infected device. Not only would a users' device be infected but such a move by attackers could render the device useless as well.

Attackers using Mazar are also able to read the authentication codes sent to the device by online banking sites and social media accounts which make two-factor authentication so secure. The hackers behind the malware are using it alongside the Polipo HTTP proxy to further access additional functions on Android devices.

The Internet technology company Recorded future was the first to discover the Mazar APK back in November 2015. The company discovered that the malware was able to download and run TOR on infected devices. Afterwards Mazar would connect them to Onion servers and its own command and control centers.

An interesting aspect of the Mazar malware is that it cannot be downloaded or installed on Russian-based Android devices. During the installation of the malicious APK, the malware will check the device's listed country and abort installation if it detects the smartphone belongs to a Russian user.

Mazar has been available for purchase on the Dark Web for quite a while now but this is the first time it has been actively used on the Android platform. You should avoid following any links that appear in SMS or MMS messages sent from unknown users in order to prevent falling victim to this new malware.

Image Credit: DeiMosz / Shutterstock

Anthony Spadafora
Anthony Spadafora

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.