Android Malware Mazar through Text Messages
A Danish security company has identified a campaign spreading a powerful kind of Android malware through text messages. The malware, Mazar, can gain administrator rights on phones, enabling it to wipe handsets, make calls or even read text messages. It will not install on phones if the language is set to Russian. In addition, users need to have unchecked a default setting on Android devices which ensures that software can only be installed from trusted sources. Heimdal, a security firm, believes the malicious text could have been sent to more than 100,000 phones in Denmark, though it is not sure whether users in other countries have received the messages.
It is said to be the first time that Mazar has been identified in widespread real-world attacks. In some of the examples considered by Heimdal, users receive a harmless-looking text with a link to what looks like a multimedia message. The link downloads Tor software, which enables anonymous internet connections, to the phone. The malware is then downloaded via Tor in a deceptive attempt to hide the source of the malicious software.
Unable to Install on Smartphones Running Android with Russian Language
An interesting feature of Mazar is that it cannot be installed on smartphones running Android with 'Russian' chosen as the operating system language. According to Morten Kjaersgaard, chief executive of Heimdal, similar controls have been detected in PC malware in the past. Infected phones could be at risk from various threats, from an attacker silently monitoring devices and reading users' texts to erasing all personal data from the handsets.
Moreover, the attacker could simply send a lot of texts to premium numbers. Mr Kjaersgaard told the BBC that it could do a lot of damage, probably running up a big phone bill for which the customer would be accountable. Heimdal had tested phones running Android KitKat, though Mr Kjaersgaard believes the issue would probably affect all prior versions too. Later versions of the operating system have not been tested. Users have been advised not to tap on web links in text messages from unfamiliar phone numbers and to be cautious of links even when a message appears to be from a known contact, as the apparent sender can sometimes be faked.
Mazar Believed to Be Distributed by Russian Cyber Criminals
Mazar is believed to be distributed by a Russia-based group of cyber criminals. One clue is that Mazar cannot be installed on Android smartphones in Russia, since its source code contains instructions to stop the installation procedure on phones configured with the Russian language. Another hint is that there is an unwritten law in Russia which states that if cyber criminals do not go after Russians, the Russian authorities will not go after them.
In addition, there is no indication yet that the Mazar campaign has affected anyone in Russia. Until now, Mazar for Android had been advertised on several Russian underground (dark web) forums, though this is the first time the code has been used in active attacks. A Google spokeswoman said that over one billion devices are protected with Google Play, which conducts security scans of 200 million devices each day. She added that less than 1% of Android devices had a Potentially Harmful App installed in 2014, and less than 0.15% of devices that only install from Google Play had a Potentially Harmful App installed.