
Mazar BOT malware invades and erases Android devices


Authored by a Symantec employee

 

Android smartphone users should be aware of a dangerous new type of malware that spreads via spam SMS or MMS messages that link to a malicious app file. The Mazar BOT, as it is called, tricks the Android user into granting it administrative access to the infected phone and can then erase any stored data. Although security researchers believe this malware has several hidden capabilities that are still being discovered, they know it will turn your smartphone into part of a hacker's botnet.

How the Mazar BOT attacks Androids

Android mobile phone users receive this (or similar) SMS or MMS message that includes a link to a malicious Android application package (APK):

“You have received a multimedia message from + [country code] [sender number] Follow the link http://www.mmsforyou.net/mms.apk to view the message.”

When the user clicks on the link, a download of a file with the generic name of “MMS Messaging” is initiated. If the user installs the app, the Mazar BOT is able to grant itself administrator rights on the now-infected Android. From then on the cybercriminals behind the bot are able to access all stored data and use the Chrome browser to see the user’s history and potentially launch MITM (man-in-the-middle) attacks. Essentially the hackers have complete control over any function the Android device can perform, like making phone calls and sending and reading messages — which could include two-factor authentication (2FA) texts from users’ banks or social media accounts.

Although the Mazar BOT has been available for sale on the Dark Web for a few months, authorities have not found the cybercriminals behind this virulent malware. However, the fact that the malware cannot be downloaded on Android devices set to the Russian language may indicate its country of origin.

How to stay protected

1. Don’t click on links in SMS or MMS messages.

2. Only install apps from reliable sources like the Google Play Store.

3. Protect your mobile devices with Internet security software, like Norton Mobile Security.
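
For anyone filtering messages at a gateway or on a managed device, the first two rules can be checked automatically. The following is an added example, not part of the original article or any Norton product: it flags SMS/MMS bodies whose links download an APK directly from a host other than Google Play. The function name, the trusted-host list and all sample messages except the lure quoted above are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: only Google Play counts as a trusted app source.
TRUSTED_HOSTS = {"play.google.com"}

# Matches http(s) links and bare "www." links inside message text.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


def apk_links(message: str) -> list[str]:
    """Return links in an SMS/MMS body that download an APK from an untrusted host."""
    flagged = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")        # drop trailing sentence punctuation
        if not url.lower().startswith("http"):
            url = "http://" + url          # bare www. link: add a scheme so it parses
        try:
            parts = urlsplit(url)
        except ValueError:                 # malformed link: nothing reliable to check
            continue
        host = (parts.hostname or "").lower()
        # Test the path only, so "?id=1" or "#x" after ".apk" cannot hide the file type.
        if parts.path.lower().endswith(".apk") and host not in TRUSTED_HOSTS:
            flagged.append(url)
    return flagged


# Sample messages: the first is the lure quoted in the article, the rest are constructed.
SAMPLES = [
    "You have received a multimedia message from + [country code] [sender number] "
    "Follow the link http://www.mmsforyou.net/mms.apk to view the message.",
    "New voicemail: www.example.test/files/Player.APK?ref=sms.",
    "Install our app: https://play.google.com/store/apps/details?id=com.example.app",
    "Your parcel is on its way, track it at https://example.test/track/123",
]

if __name__ == "__main__":
    for text in SAMPLES:
        hits = apk_links(text)
        print("BLOCK" if hits else "allow", hits)
```

A match only shows that the message delivers an app file outside the store; it does not identify the malware family, so treat it as a reason to quarantine the message rather than as a verdict.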

