New form of Android Malware that is spread via text messages appears in Europe

[midian182]

A new form of Android malware has appeared in Europe that is being spread via SMS messages. Danish company Heimdal Security, which uncovered Mazar BOT, told the BBC that it has already spread to 100,000 devices in Denmark, although it’s not clear how far it’s reached beyond the county’s borders.

The SMS messages in question contain a link, claiming to be a multimedia message, that when clicked will prompt users to download a malicious Android application package (APK) called ‘MMS Message.’

The text messages generally look like this: ‘You have received a multimedia message from +[country code] [sender number] Follow the link http:www.mmsforyou [.] Net /mms.apk to view the message.’

Once installed, Mazar gains administrator rights that allow attackers to do whatever they want with the phone, including reading text messages or sending them to premium channel numbers, monitor calls, root the phone, and even erase all the data stored on the device. It also uses TOR for communication.

“Attackers can open a backdoor into Android smartphones, to monitor and control them as they please, read SMS messages, which means they can also read authentication codes sent as part of two-factor authentication mechanisms, used also by online banking apps and ecommerce websites, and use their full access to Android phones to basically manipulate the device to do whatever they want,” warned Heimdal

The company has only tested devices running Android Kit Kat, but it says older versions will likely be at risk as well. Phones with the latest versions of the OS haven’t been tested.

One of the interesting things about Mazar is that it won’t install itself on an Android smartphone that has Russian selected as the operating system’s language. The malware has been advertised on the Dark Web for a while, but this is the first time it’s been used in active attacks.

Despite Mazar requiring people to click on the SMS link and allow software from outside the Play Store to be installed on their device, it is still spreading. As a warning to less tech-savvy users, Heimdal said: “First of all, NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security product dedicated to this OS are not nearly as effective as they are on computers.”

Permalink to story.

https://www.techspot.com/news/63837-new-form-android-malware-appears-europe-spread-using.html

 

[robb213]

Still boggles me how people are oblivious with stuff they deal with daily. If something is out if the ordinary and different, should you really check it out in this day and age? Nope.

At least it's not another actual MMS exploit though.

 

[Arturo]

MMS ditched here ☺

 

[MonsterZero]

It's ridiculous that people would click a .apk file link from an untrusted source.

 

[Kibaruk]

I found the topic a bit click bait, it sounded like you got an sms and WHAM! malware pops up. Maybe it was just me.

It's ridiculous that people would click a .apk file link from an untrusted source.

And then approve to give it administration rights.

 

[Camikazi]

It's ridiculous that people would click a .apk file link from an untrusted source.

People don't change just the format does. People have been clicking unknown attachments in emails, and then clicking yes to random popups for years now, it won't change.

 

[tonylukac]

It would be nice to be able to turn off text messages, and give the sender the message that you're not accepting any messages, like we used to do on the mainframe computers of the past. On some of my plans, it costs 20 cents to receive a text. Att always wanted you to go back to land lines, and they can't, because everyone's too dependent on texting.

 

[Technician]

CLICK HERE to remove all viruses and malware for FREE FREE FREE
I suppose the next advent will be links that click themselves.