A new virus threatens Android smartphones and its name is Mazar
For Android users, there is a new threat: hackers are trying to spread a very powerful malware, called Mazar, which infects smartphones through a seemingly harmless sms. Mazar allows its operation to erase all data on the devices of the affected users.
But Mazar also use all your information to make phone calls or send payment messages that boosted the bill. Hackers can also read the texts stored on the device and spy on all internet traffic on the phone. The warning is the Danish IT company Heimdal Security, according to which the text message was sent to more than 100 thousand people only in Denmark. However, the researchers can not be certain that the messages were received from other users.
The text message apparently has no cause for concern, because it contains a link to what looks like a multimedia message. Clicking on the link, the victim download on the phone a Tor software, which enables anonymous connections to the internet, through which in turn malware is downloaded. Particularities of Mazar is that it was designed not to hit the Russians, or rather the devices where the selected language is Russian, experts explain, and the malware could be exploited by cybercriminals to launch more sophisticated and targeted attacks in the future.
Mazar Bot also integrates a proxy that can be exploited to conduct man-in-the-middle and, consequently, also intercept the content of the encrypted communication over HTTPS. The virus can bind in glove with the Chrome browser, with the ability to intercept all information entered by the user. To install the malicious APK file, among other things, it is essential that the user has activated the Unknown sources box in the Security section of the Android settings.
Despite the malware has already made several victims, it must be said that the infection can be avoided by using the simple common sense. Why give credit immediately to the content of an SMS/MMS without asking any questions? Why accept the installation of an unknown application and from dubious origin? This app is used to connect to the C & C server (command control) of the attackers so they can take control of the device infected and perform a series of operations, you just have to avoid any of their APK links.