New Android malware can wipe phones, spreads via SMS

By James Walker     Feb 16, 2016 in Technology
A new form of serious Android malware has been discovered that uses malicious texts to spread across phones. A web link in the text installs malware on the phone, giving its controllers complete access to the device.
As the BBC reports, Danish security firm Heimdal discovered the malware, named Mazar, in action in the real world this week. The company believes over 100,000 phones in Denmark have already been infected. It is currently unclear whether the text messages have ventured across borders yet.
The attack begins with an innocent-looking text message being sent to the phone. It advises the user to click a link to content that appears to be a video online, convincing the user to visit the website.
Instead of loading a video, the link downloads the anonymising Tor web browser to the phone, rendering subsequent actions untraceable and thus giving the malware's creators protection. Once Tor is installed, the browser is used to download the malicious app that contains the main functionality of the attack while keeping the source of the download invisible.
The malware provides the attackers with administrative rights to any handset it is installed on. It could be used to monitor calls or texts, track a user's activity, upload content from the phone to remote servers or wipe a device completely. With all transfers anonymised through Tor, the location of the command-and-control server responsible for distributing the malware remains unknown.
Mazar was first discovered in November 2015 and has been available for sale on the Dark Web for a few months. Heimdal Security said this is the first time it has seen an attacker use the code though, suggesting "attackers may be testing this new type of Android malware to see how they can improve their tactics and reach their final goals, which probably is making more money (as always)."
Another possible use for the malware would be calling premium-rate phone numbers, making the attackers money at the expense of the phone's owner. This style of attack is now on the increase due to the large sums of money involved. One network of phone hackers, exposed last week, made $50 million over the past four years by dialling premium-rate phone lines from the PBX phone systems used in American organisations.
As scary as smartphone attacks like Mazar may sound, the malware nearly always has a weakness. In this case, the exploit doesn't work unless an Android security feature has been manually disabled by the user, letting apps be installed from locations other than the Google Play Store.
As this is unlikely to be changed by the vast majority of users — it's intended to let app developers test out their apps on their own phone — most people shouldn't be affected by Mazar. Heimdal also advises people to stick to security best practices and never click on web links sent in random messages from an unknown source, something that may sound logical initially but can be easily forgotten when an attacker directs you to a cleverly disguised URL.