One of the biggest problems with Android is malware. We recently wrote about an Android malware, Android.Xiny.19.origin, being distributed through certain games available for download in the Google Play Store, but there’s a new one out there.
This one is even worse, as it’s being spread through simple SMS. Heimdal Security, a Danish company, said in a blog post on its website that this Mazar BOT has spread to over 10,000 devices in Denmark alone. It’s unclear, however, whether the malware has spread beyond the country’s borders.
The malware is spread through text message and it normally looks like this:
You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message.
The application gets administrator privileges once installed. It can automatically root the phone, read and send text messages, monitor calls, erase the device and more. According to Heimdal:
Attackers can open a backdoor into Android smartphones, to monitor and control them as they please, read SMS messages, which means they can also read authentication codes sent as part of two-factor authentication mechanisms, used also by online banking apps and ecommerce websites, and use their full access to Android phones to basically manipulate the device to do whatever they want
One strange behavior the malware exhibits is its refusal to install on devices with Russian selected as the default language. The BOT checks the victim’s country, and the application won’t install if Russian is the default language. It is also reported to use the Tor anonymity software, which it downloads, for communication.
How to protect yourself
Well, by now you should know that you must never install apps from links sent through SMS. No matter how tempting the offer looks, it’s best to ignore such SMS.
Also, you should disable installing applications from unknown sources. Unless you’re a power user and you know exactly what you’re doing with your device, you shouldn’t enable this option. Go to Settings > Security and turn off Unknown Sources.
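The lure quoted above has a recognizable shape: an SMS whose link points straight at an .apk file. The following is an added example, not code from Heimdal or from this article, of a filter that flags such messages in an SMS export or gateway log; it goes slightly beyond the quoted text by also handling defanged (`[.]`, `hxxp`) and bare `www.` links, and every sample message except the first is constructed.

```python
import re
from urllib.parse import urlsplit

# SAMPLES[0] is the lure text quoted in the article; the rest are constructed.
SAMPLES = [
    "You have received a multimedia message from +[country code] [sender number] "
    "Follow the link http://www.mmsforyou[.]net/mms.apk to view the message.",
    "Your parcel is ready: hxxps://example[.]com/track?id=1",
    "Update here: https://example.org/dl/App.APK?src=sms",
    "Lunch at 12? See www.example.com/menu",
]

# Matches http(s)://, defanged hxxp(s)://, and bare www. links.
URL_RE = re.compile(r"(?:h(?:tt|xx)ps?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def refang(url):
    """Undo common defanging so the URL can be parsed."""
    url = url.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    if url.lower().startswith("www."):
        url = "http://" + url
    return url.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link

def apk_links(message):
    """Return (host, path) for every link in the message whose path ends in .apk."""
    hits = []
    for raw in URL_RE.findall(message):
        try:
            parts = urlsplit(refang(raw))
        except ValueError:  # malformed URL (e.g. stray brackets): skip it
            continue
        if parts.path.lower().endswith(".apk"):
            hits.append((parts.hostname, parts.path))
    return hits

def triage(messages):
    """Map message index -> APK links found; clean messages are omitted."""
    return {i: h for i, m in enumerate(messages) if (h := apk_links(m))}

if __name__ == "__main__":
    for idx, hits in triage(SAMPLES).items():
        for host, path in hits:
            print(f"message {idx}: direct APK download link ({host}{path})")
```

A match only means the message links directly to an installable package; it says nothing about what the package does, so treat hits as candidates for review or blocking rather than as a verdict.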