Researchers have discovered a new kind of Android SMS malware which can allow root access to your device. With this access, attackers can completely control or wipe your smartphone or tablet of all data.
The malware, known as MazarBot, was first discovered by Heimdal Security researchers and utilizes a Man-in-the-Middle mechanism to intercept all data coming to and going out of the device. It acts as a backdoor to the device, giving attackers the ability to control infected Android phones in a number of ways, including sending and reading SMS messages, monitoring user actions, making calls and more.
This can cause numerous privacy and security issues for users, as attackers can send messages to premium channel numbers, increasing the victims’ bills, or even gain access to accounts that require two-factor authentication, such as online banking apps and e-commerce website logins. It can also infect users’ Chrome browser, force devices into sleep mode or change their settings. Since it has administrator access, the malware allows attackers to do anything to devices that users can do themselves.
In addition, the Mazar Bot can also be used for larger and more nefarious schemes, such as making the smartphone a bot inside the attackers' botnet. It can also download a TOR app on the smartphone without the user’s knowledge and use it to anonymously browse the web on the device.
Launching the MazarBot attack is easy for hackers: all the attacker has to do is send a poisoned text message to a victim. When the victim receives and opens the attached multimedia message, the Mazar Bot installs itself.
According to Heimdal, this is what the message says:
"You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message."
The only Android users not susceptible to attack are those whose phones are configured with Russian as the default language. Though Heimdal says the Mazar Bot malware has been around a while, it has only recently started targeting a large number of users. According to the BBC, Heimdal reports that more than 100,000 Android phones in Denmark, where the company is based, have recently received the malicious message.
Though the hackers behind these attacks are not yet known, they are thought to be based in Russia.
For users with Android devices, Heimdal gives some straightforward advice for avoiding a Mazar Bot infection.
- Never click on links in SMS or MMS messages on your phone – This should be the general rule, whether email, text, or Facebook. If you aren’t 100 percent certain what you are clicking on, it’s best just to ignore it.
- Turn off “Unknown Sources” on your device – The best way to avoid downloading malicious items is to not allow unknown sources to install apps on your device. You can do this by going to Settings > Security on your Android phone and making sure “Unknown Sources” is toggled off.
- Install an Android antivirus product – a number of trustworthy ones can be found here.
- Don’t connect to unknown or unsecured Wi-Fi hotspots - Yeah, we know you love Starbucks’ and other retailers’ free internet, but it’s a great way to get sent some malware by nearby attackers.
- Install a VPN on your smartphone and use it - It protects both your privacy and security.