New Android malware spread by text wipes out the smartphone completely
Researchers have discovered a new type of Android malware that is spread by text message and can read users’ data or erase their smartphones altogether. Mazar, which Heimdal Security caught being used in active attacks for the first time, seeks to gain administrator rights, but does not attack phones with the language set to Russian.
Although the firm believes malicious texts have been sent to 100,000 phones in Denmark, users are only thought to be vulnerable if they have disabled a default Android setting that only allows trusted sources to install new software on their handsets.
A typical text reads: “You have received a multimedia message from [sender number]. Follow the link [malicious link] to view the message.” The malicious link sends users to a file called mms.apk – an Android installation file for a fake messaging app that seeks to gain administrator rights on users’ smartphones.
If successful, this allows hackers to send and read text messages, access the internet, make phone calls, erase the phone’s data and more.
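An added example, not part of the original article or Heimdal's analysis: a Python triage check that flags the capability combination listed above in a decoded AndroidManifest.xml. The mapping from each capability to an Android permission, the sample manifest and the package name com.example.fakemms are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities the article lists to Android permissions.
CAPABILITY_PERMISSIONS = {
    "send text messages": "android.permission.SEND_SMS",
    "read text messages": "android.permission.READ_SMS",
    "access the internet": "android.permission.INTERNET",
    "make phone calls": "android.permission.CALL_PHONE",
}

# Constructed sample: decoded manifest of a hypothetical fake messaging app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakemms">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Report which listed capabilities an app requests and whether it asks for device admin."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    capabilities = sorted(c for c, p in CAPABILITY_PERMISSIONS.items() if p in requested)
    # A device-admin receiver is how an app asks for administrator rights,
    # which can include wiping the device.
    admin = any(
        r.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        and any(a.get(ANDROID + "name") == "android.app.action.DEVICE_ADMIN_ENABLED"
                for a in r.iter("action"))
        for r in root.iter("receiver")
    )
    # Flag only the full combination: every listed capability plus device admin.
    suspicious = admin and len(capabilities) == len(CAPABILITY_PERMISSIONS)
    return {"package": root.get("package"), "capabilities": capabilities,
            "requests_device_admin": admin, "suspicious": suspicious}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Legitimate messaging apps also request the SMS permissions, so the signal here is the full set combined with a device-admin request from an app installed outside the Play Store.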
Once it has these rights, Mazar installs the anonymous browser Tor on the phone, connects to a malicious server and sends a message saying “thank you” to an Iranian number. Researchers discovered that this text includes the device’s location data.
Hackers can potentially send text messages to premium numbers and run up users’ phone bills, read sensitive data stored in users’ messages and monitor and control the phone.
Through further trickery, the cyber criminals can also launch man-in-the-middle attacks, and the Mazar malware can even inject itself into Chrome to trigger commands and change settings.
Heimdal says it has seen the malicious software for sale on websites on the dark web before, but it believes this is the first time it has been seen actively used for attacks.
Android users are advised to ensure their settings do not allow the installation of apps from outside the Google Play Store, install anti-virus software, avoid connecting to unknown or unsecured Wi-Fi hotspots and never click on links in suspicious messages.