This article was published on February 16, 2016

Android malware that can erase devices remotely being used in attacks



There’s a piece of Android malware currently being used to launch attacks on handsets that, if successful, can result in the full wipe of a device.

According to Heimdal Security, a message being sent to random phone numbers around the world will give attackers complete control of a device if you click on the included link. It tries to get you to click by saying you have a new MMS message that needs to be downloaded.

The malware has been identified as ‘Mazar Android BOT’, and it silently retrieves and installs Tor on the victim’s phone via a legitimate Tor download URL.


It then unpacks Tor and connects it to a specific server, triggering a message to be sent.

The researchers lay out a number of ways in which the malware gives attackers control of a victim’s device – or access to their wider information through further monitoring.

Needless to say, an ‘app’ that can give total control to someone to do whatever they like is one worth avoiding – so no clicking on those random MMS links.

Protection measures

Interestingly, you can avoid all risk by setting your Android device’s language to Russian.

Given that Android’s protections against malware largely come from Google’s control of the Play Store, it’s little surprise to learn that for the malware to be successful you’ll need to have enabled the installation of apps from unknown sources.

It might sound like a ‘why the hell would I do that?’ point, but if you’ve ever installed Amazon Underground or Amazon Prime Video on Android, then there’s a good chance you forgot to switch that option back off too.

➤ Security Alert: Mazar BOT Spotted in Active Attacks – the Android Malware That Can Erase Your Phone [Via BBC]
