A new form of Android malware has appeared in Europe that is being spread via SMS messages. Danish company Heimdal Security, which uncovered Mazar BOT, told the BBC that it has already spread to 100,000 devices in Denmark, although it’s not clear how far it’s reached beyond the country’s borders.
The SMS messages in question contain a link, claiming to be a multimedia message, that when clicked will prompt users to download a malicious Android application package (APK) called ‘MMS Message.’
The text messages generally look like this: ‘You have received a multimedia message from +[country code] [sender number] Follow the link http:www.mmsforyou [.] Net /mms.apk to view the message.’
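As a defensive illustration of the lure format described above, here is an added example (not code from Heimdal or from the original article) of a filter that flags SMS text combining the "multimedia message" wording with a link to an `.apk` file, including links written in defanged form. The function names, the verdict labels, and the placeholder host `example.invalid` are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed test messages. example.invalid is a placeholder host,
# not the domain reported for this campaign.
SAMPLES = [
    "You have received a multimedia message from +45 12345678 "
    "Follow the link http://www.example.invalid/mms.apk to view the message.",
    "You have received a multimedia message from +45 12345678 "
    "Follow the link http:www.example [.] Invalid /mms.apk to view the message.",
    "Install our app: https://example.invalid/app.apk",
    "Your parcel is ready. Track it at https://example.invalid/track?id=42",
]

LURE = re.compile(r"multimedia message|\bMMS\b", re.I)
URL = re.compile(r"https?://\S+", re.I)

def refang(text):
    """Undo common defanging/obfuscation so URL matching sees the real link."""
    text = re.sub(r"\s*\[\s*\.\s*\]\s*", ".", text)        # "foo [.] net" -> "foo.net"
    text = re.sub(r"hxxp", "http", text, flags=re.I)        # "hxxp" -> "http"
    text = re.sub(r"(https?:)\s*(?://)?\s*", r"\1//", text, flags=re.I)  # "http:www" -> "http://www"
    text = re.sub(r"(\.[a-z]{2,})\s+/", r"\1/", text, flags=re.I)        # "net /x" -> "net/x"
    return text

def apk_links(text):
    """Return links in the message whose URL path ends in .apk."""
    links = []
    for raw in URL.findall(refang(text)):
        url = raw.rstrip(".,;:!?)")          # drop sentence punctuation
        if urlsplit(url).path.lower().endswith(".apk"):
            links.append(url)
    return links

def classify(text):
    """block: lure wording plus APK link; review: APK link only; else allow."""
    links = apk_links(text)
    if links and LURE.search(text):
        return "block"
    return "review" if links else "allow"

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "|", sample[:60])
```
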
Once installed, Mazar gains administrator rights that allow attackers to do whatever they want with the phone, including reading text messages or sending them to premium channel numbers, monitoring calls, rooting the phone, and even erasing all the data stored on the device. It also uses Tor for communication.
“Attackers can open a backdoor into Android smartphones, to monitor and control them as they please, read SMS messages, which means they can also read authentication codes sent as part of two-factor authentication mechanisms, used also by online banking apps and ecommerce websites, and use their full access to Android phones to basically manipulate the device to do whatever they want,” warned Heimdal.
The company has only tested devices running Android KitKat, but it says older versions will likely be at risk as well. Phones with the latest versions of the OS haven’t been tested.
One of the interesting things about Mazar is that it won’t install itself on an Android smartphone that has Russian selected as the operating system’s language. The malware has been advertised on the Dark Web for a while, but this is the first time it’s been used in active attacks.
Despite Mazar requiring people to click on the SMS link and allow software from outside the Play Store to be installed on their device, it is still spreading. As a warning to less tech-savvy users, Heimdal said: “First of all, NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security products dedicated to this OS are not nearly as effective as they are on computers.”