A new piece of Android malware has drawn a lot of attention because it can gain root access on an Android device and completely erase all the information in the device's storage. The malware has been named Mazar BOT, and it comes loaded with many hidden capabilities. Security researchers consider it a serious threat. Heimdal Security discovered the malware while its researchers were analyzing a text message that had been sent to random locations and mobile numbers.
Mazar BOT spreads via MMS or SMS messages that contain a link to a malicious APK file. When a user clicks the link in the message, the APK file is downloaded to the Android device. When run, it prompts the user to install an application with the generic name MMS Messaging. This application requests admin-level privileges, and several users end up granting root access to the malicious app.
Once it has root access on the device, the BOT can gain boot persistence so that it survives device restarts. The app can read and send text messages, make calls to contacts, read the state of the phone, interfere with the phone's control keys, infect the Chrome browser, force the device into sleep mode, access the internet, and wipe the device's storage.
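As an added example (not from the original article or from Heimdal's analysis), the sketch below triages a decoded AndroidManifest.xml for the capability set described above combined with a device-admin receiver. The mapping from capabilities to Android permission names, the threshold, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability named in the article -> Android permission.
# The mapping is this example's assumption, not a list taken from the article.
CAPABILITY_PERMS = {
    "boot persistence": "android.permission.RECEIVE_BOOT_COMPLETED",
    "read text messages": "android.permission.READ_SMS",
    "send text messages": "android.permission.SEND_SMS",
    "make calls": "android.permission.CALL_PHONE",
    "read phone state": "android.permission.READ_PHONE_STATE",
    "access internet": "android.permission.INTERNET",
}
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest (hypothetical package, not from a real APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mmsmessaging">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="MMS Messaging">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
""".strip()

def triage_manifest(xml_text, threshold=4):
    """Flag a manifest that pairs a device-admin receiver with many listed capabilities."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    matched = sorted(c for c, p in CAPABILITY_PERMS.items() if p in requested)
    # A receiver guarded by BIND_DEVICE_ADMIN means the app can ask for admin rights.
    wants_admin = any(r.get(ANDROID_NS + "permission") == ADMIN_PERM
                      for r in root.iter("receiver"))
    return {"package": root.get("package"), "matched": matched,
            "device_admin": wants_admin,
            "suspicious": wants_admin and len(matched) >= threshold}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A match is only a reason to look closer: legitimate messaging apps request several of the same permissions, which is why the check also requires the device-admin receiver.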
Mazar BOT is even capable of downloading the legitimate TOR Android application onto the infected device. It can install applications without any kind of permission or consent from the user. With the aid of the TOR app, the malware can easily surf the internet anonymously. Once TOR is installed on the victim's device, Mazar BOT sends a message to an Iranian contact number.
In a few cases, the BOT installs the Polipo Proxy app, which tries to establish a proxy on the Android device on which it has been installed. This lets the attacker keep tabs on the victim's web traffic and perform man-in-the-middle attacks. There have been rumors that Mazar BOT is being distributed by cyber criminals based in Russia.
This assumption is based on the fact that Mazar BOT cannot be installed on Russian smartphones running the Android platform. The malware's source code includes an instruction to stop the installation on phones that are configured with the Russian language. Moreover, nobody in Russia has been affected by Mazar BOT.
To protect themselves from Mazar BOT, users shouldn't click on links forwarded in MMS or text messages from unknown sources. Users should change their security settings to turn off the installation of apps from unknown sources. Make sure that the anti-virus app on your Android device is up to date, and avoid unsecured and unknown Wi-Fi hotspots.