A new piece of malware is making its way around the internet and MazarBOT – as it’s known – is quite terrifying.
According to Heimdal Security, the malware, which was first seen on various Dark Web forums, arrives in a seemingly innocuous text message which reads, “You have received a multimedia message from +[country code] [sender number] Follow the link http: //www.mmsforyou [.] Net / mms.apk to view the message.”
As you might suspect, once users click that link, no multimedia message (MMS) is downloaded; instead they receive a malicious Android Package Kit (APK). Strangely, should the APK detect that the handset is in Russia, the malware won’t be installed. This has led Heimdal to believe that a team of Russian cyber-criminals is behind the spread of the malware.
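A defender-side check for the lure described above, as an added example that is not from Heimdal or the original article: it normalises defanged or space-broken links and flags any SMS body that points at an `.apk` file. The sample messages, the placeholder `.example` domains and the function names `refang` and `apk_links` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample messages (placeholder domains and numbers, not real indicators).
SAMPLES = [
    "You have received a multimedia message from +00 0000000 Follow the link "
    "http: //www.mms-lure [.] example / mms.apk to view the message.",
    "Your parcel is ready: hxxps://files.example/app/update.APK?id=7",
    "Lunch at 1? Menu: https://cafe.example/menu.pdf",
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def refang(text):
    """Undo common defanging and stray spaces so URLs can be parsed."""
    text = re.sub(r"\s*\[\s*\.\s*\]\s*", ".", text)      # "a [.] b" -> "a.b"
    text = re.sub(r"\bhxxp", "http", text, flags=re.I)   # hxxp -> http
    # "http: //host" -> "http://host"
    text = re.sub(r"(https?):\s*//\s*", r"\1://", text, flags=re.I)
    # Rejoin a path split by spaces: "host / mms.apk" -> "host/mms.apk"
    return re.sub(r"\s*/\s*(?=[\w.-]+\.apk\b)", "/", text, flags=re.I)


def apk_links(sms_body):
    """Return the URLs in an SMS body whose path ends in .apk."""
    hits = []
    for url in URL_RE.findall(refang(sms_body)):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the link
        # Check only the path, so a query string cannot hide the extension.
        if urlsplit(url).path.lower().endswith(".apk"):
            hits.append(url)
    return hits


if __name__ == "__main__":
    for body in SAMPLES:
        links = apk_links(body)
        verdict = "BLOCK" if links else "ok"
        print(f"{verdict:5} {links} <- {body[:45]!r}")
```

A check like this fits an SMS gateway or mobile-management filter; it does not replace keeping “Unknown sources” switched off on the handset.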
Once successfully downloaded, the APK then downloads a Tor app and sends the message “Thank You” to a number that is registered in Iran. From there things start to unravel pretty quickly.
Once MazarBOT is installed, an attacker is able to send SMSes to premium numbers, read SMSes and manipulate the smartphone however they like.
Heimdal has said that MazarBOT can be injected into Chrome to monitor activity there as well.
Being able to read messages is of particular concern to those who use online banking or email with two-factor authentication. Couple that with access to Chrome and cyber-criminals have a smörgåsbord of attack options.
Protection is the only real option
Of all the malware we’ve encountered, MazarBOT is the scariest we’ve seen. For this reason our usual “download an anti-virus” advice just won’t cut it, so what follows are a few steps to make sure you’re safe.
- Never tap links in SMS or MMS messages. There are far too many vulnerabilities on the Android operating system and doing this can result in nasty viruses and malware sneaking past security apps.
- Stop allowing unassigned apps to be installed on your smartphone. Head to Settings and find the Security option. Make sure the “Unknown sources – Allow installation of apps from sources other than the Play store” is off.
- Make sure you have an up-to-date anti-virus suite on your smartphone; this is absolutely crucial.
- Be suspicious of everything. When you receive text messages from unknown numbers or even known numbers, contact the sender and inform them that they appear to be sending suspicious messages.
- Be cautious of public Wi-Fi. Never connect to unprotected Wi-Fi networks, because the data transferred over them can be intercepted at any point. Also make sure you switch your Wi-Fi off when you aren’t using it.
Our final bit of advice is to educate your friends and family. With the unimpeded access this and other malware grants, it’s best to make sure that those around you are informed as well so that they can make an effort to protect themselves.