Researchers have discovered a new type of Android malware that is spread by text message and can read users’ data or erase their smartphones altogether. Mazar, which Heimdal Security caught being used in active attacks for the first time, seeks to gain administrator rights, but does not attack phones with the language set to Russian.

Although the firm believes malicious texts have been sent to 100,000 phones in Denmark, users are only thought to be vulnerable if they have disabled a default Android setting that only allows trusted sources to install new software on their handsets.

A typical text reads: “You have received a multimedia message from [sender number]. Follow the link [malicious link] to view the message.” The malicious link sends users to a file called mms.apk – an Android installation file for a fake messaging app that seeks to gain administrator rights on users’ smartphones.

If successful, this allows hackers to send and read text messages, access the internet, make phone calls, erase the phone’s data and more.

Once it has these rights, Mazar installs the anonymous browser TOR on the phone, connects to a malicious server and sends a message saying “thank you” to an Iranian number. Researchers discovered that this text includes the device’s location data.

Hackers can potentially send text messages to premium numbers and run up users’ phone bills, read sensitive data stored in users’ messages and monitor and control the phone.

Through further trickery, the cyber criminals can also launch man-in-the-middle attacks, and the Mazar malware can even inject itself into Chrome to trigger commands and change settings.

Heimdal says it has seen the malicious software for sale on websites on the dark web before, but it believes this is the first time it has been seen actively used for attacks.

Android users are advised to ensure their settings do not allow the installation of apps from outside of the Google Play Store, install anti-virus software, avoid connecting to unknown or unsecured WiFi hotspots and never click on links in suspicious messages.

You may also like...

Keep Up To Date - Subscribe To Our Email Newsletter Today

Get the latest industry news direct to your inbox on all your devices.

We may use your information to send you details about goods and services which we feel may be of interest to you. We will process your data in accordance with our Privacy Policy as displayed on our parent website