
Mazar BOT malware invades and erases Android devices

Authored by a Symantec employee


Android smartphone users should be aware of a dangerous new type of malware that spreads via spam SMS or MMS messages that link to a malicious app file. The Mazar BOT, as it is called, tricks the Android user into granting it administrative access to the infected Android phone and can then erase any stored data. Although security research experts believe this malware has several hidden capabilities that are still being discovered, they know it will turn your smartphone into part of a hacker botnet.

How the Mazar BOT attacks Androids

Android mobile phone users receive this (or similar) SMS or MMS message that includes a link to a malicious Android application package (APK):

“You have received a multimedia message from + [country code] [sender number] Follow the link http://www.mmsforyou.net/mms.apk to view the message.”

When the user clicks on the link, a download of a file with the generic name of “MMS Messaging” is initiated. If the user installs the app, the Mazar BOT is able to grant itself administrator rights on the now-infected Android. From then on the cybercriminals behind the bot are able to access all stored data and use the Chrome browser to see the user’s history and potentially launch MITM (man-in-the-middle) attacks. Essentially the hackers have complete control over any function the Android device can perform, like making phone calls and sending and reading messages, which could include two-factor authentication (2FA) texts from users’ banks or social media accounts.
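The lure described above depends on an SMS or MMS link whose path ends in an Android package file. As an added example (not from the original article or from Symantec), the Python sketch below flags such links in message text, for instance on an SMS gateway or in an exported inbox; the function names are hypothetical and the sample inbox is constructed, apart from the lure text quoted in the article.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) URLs and bare "www." hosts inside free-form SMS text.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def extract_urls(text):
    """Return URLs found in a message body, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)]}\u201d\"'") for u in URL_RE.findall(text)]

def apk_links(text):
    """Return URLs whose path points at an Android package (.apk)."""
    hits = []
    for url in extract_urls(text):
        # urlsplit needs a scheme to separate the host from the path.
        parts = urlsplit(url if "://" in url else "http://" + url)
        # Check the path only, so a query string cannot hide the extension.
        if parts.path.lower().endswith(".apk"):
            hits.append(url)
    return hits

def triage(messages):
    """Map message index -> APK links, for flagged messages only."""
    return {i: links for i, m in enumerate(messages) if (links := apk_links(m))}

# Constructed sample inbox; entry 0 is the lure text quoted in the article.
SAMPLE = [
    "You have received a multimedia message from + [country code] "
    "[sender number] Follow the link http://www.mmsforyou.net/mms.apk "
    "to view the message.",
    "Your parcel is on its way: https://example.com/track?id=123",
    "Update here: www.example.org/files/Viewer.APK?src=sms.",
    "Lunch at 12?",
]

if __name__ == "__main__":
    for idx, links in triage(SAMPLE).items():
        print(f"message {idx}: APK link(s) {links}")
```

A match is a reason to quarantine or warn, not proof of Mazar BOT: any direct APK link delivered by text message bypasses app-store review.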

Although the Mazar BOT has been available for sale on the Dark Web for a few months, authorities have not found the cybercriminals behind this virulent malware. However, the fact that the malware cannot be downloaded on Android devices set to the Russian language may indicate its country of origin.

How to stay protected

1. Don’t click on links in SMS or MMS messages.

2. Only install apps from reliable sources like the Google Play Store.

3. Protect your mobile devices with Internet security software, like Norton Mobile Security.
