There’s a new Android malware in town in the form of a Trojan, and much like many that came before it, it also wants to steal your banking information and wipe out all data from your smartphone and tablet. It’s called Mazar Bot, and it has already become a talking point among researchers, who are now actively warning about this Trojan.
Mazar Bot allows an attacker to spy on nearly every activity taking place on the victim’s Android smartphone or tablet. The attacker could potentially also plant a backdoor connection on the compromised device. Talking about how sophisticated Mazar Bot is, it is able to read through text messages on the victim’s device. This enables it to bypass the two-factor authentication, as it can glean a verification code from the compromised handset.
Researchers at Heimdal Security said that the Mazar Bot is largely being spread through SMS and MMS messages. When a victim opens the apk (installation file) on their device, the malware is able to root the device, and gain access to the admin privileges. It also installs the Polipo HTTP proxy, exposing the victim to man-in-the-middle (MiTM) attacks. It can also delete everything from the device.
Another interesting thing is the way it entices users to click on the link. To avoid getting caught, the apk first installs Tor – from official channels – on the device, and then sends all the data it steals and other communications over a protected and anonymous network. And rightly so, VirusTotal, a service that utilises dozens of antivirus and anti-malware services to detect malicious codes, reports that only three of the 54 security suites are able to detect Mazar Bot.
Heimdal Security researchers noted that for some reason, Mazar Bot doesn’t install itself on Android devices with the Russian language selected. “Mazar BOT will check the phone to identify the victim’s country and this will stop the malicious APK if the targeted phone turns out to be owned by a Russian user,” the researchers wrote in a blog post. The researchers added that the Mazar Bot is capable of injecting itself into Chrome, control the phone’s keys, enable sleep mode, and save actions in the phone’s settings.
Mazar Bot was first spotted on a Russian hacker forum late last year. It was previously being sold on the Dark Web, but researchers believe that the malware is now being sold more actively and openly.
In light of the Mazar Bot malware, researchers advise Android device users to never click on links in SMS or MMS messages; turn of Unknown Sources in Settings>Security; install a good antivirus app; do not connect to unknown and unsecured Wi-Fi connections; keep your Wi-Fi off when not using it, and install a VPN and use constantly.