Android Mazar malware that can ‘Wipe Phones’ Spread via SMS

By ISBuzz Team
Writer, Information Security Buzz | Feb 18, 2016 07:00 pm PST

The BBC has reported an attempt to spread a powerful form of Android malware via text messages. Mazar can gain administrator rights on phones, allowing it to wipe handsets, make calls or read texts. However, it will not install on phones where the language is set to Russian. Security experts from ESET and Proofpoint have the following comments on it.

Ryan Kalember, SVP of Cybersecurity Strategy at Proofpoint:

“It’s certainly not uncommon for malware, including mobile malware, to be selective about the user populations it infects. Without more forensic detail, attribution is difficult, but this certainly points to a Russian-speaking cybercriminal group. Users can protect themselves by quite simply not opening unexpected files sent to them by unknown SMS numbers. This type of malware often evolves to worm-like behavior (that is, it propagates using the users’ own contacts to send out copies of itself), and in that case, users would also need to be sceptical of unsolicited multimedia sent to them by even known numbers.”

David Jevans, VP of Mobile Security at Proofpoint:

“Another clue that it may be targeted for use by Russian cyber criminals is that the administration user interface for the criminals, which is used to monitor infected Android devices and steal credentials from their users, is in Russian. This control panel is very similar in appearance to botnet control panels that have historically been used by online banking criminals that target PC computers.

However, there are a number of potentially fake diversions. For example, text messages about successful installation are sent to a phone number in Iran. This is almost certainly a decoy.”

Mark James, Security Specialist at IT Security Firm, ESET:

“We often overlook mobile phones as a very potential attack vector for malware but they are a lot more than a simple communication device these days and take up a very large proportion of our daily lives. As with any computer related device it needs protecting, if you access the internet in any way shape or form then you are at risk.

Security software can only do so much to protect you, the Android Operating System will try and protect you from harm by having a feature ticked to stop you from downloading applications or programs from unknown or untrusted sources and you should leave this ticked (protected) almost all of the time. If you are going to untick and download something then be very certain it’s safe beforehand. Bad programs can hide anywhere, even from within programs that look legit, if you download something dodgy it won’t always tell you it’s bad and could end up installing something malicious on your phone.

An interesting feature of this particular piece of malware is the fact it won’t install on Russian language phones, there will be plenty of speculation around this as to why but there could be any number of reasons why this happens. Cyber criminals usually have no morals when it comes to infecting their prey, the idea is to infect as many as possible in as short a time as its prevalent, it may simply be a technical reason why it won’t install more like failure to test properly rather than intentional.”
