Android users are being warned about a new strain of malware called Mazar Bot that is hitting smartphones, giving attackers full administrative rights to monitor and control nearly every aspect of the phone.

The manipulative and persistent piece of malware, found to be in active use by researchers at Heimdal Security, takes hold via a malware-ridden SMS/MMS message that, once clicked, spreads a torrent of alarming exploits such as sending malicious text messages, anonymously accessing the web, putting the phone into sleep mode and even fully erasing all content from the device.

Unlike the typical Android exploit, Mazar Bot targets users with a direct message and is not downloaded through a third-party application store. Until now, the malware was advertised as being for sale on the dark web; however, this is the first known case of it being used in active attacks.

Once on a device, the malware covertly downloads Tor, which allows it to connect anonymously to the internet and ping a server that effectively acts as a beacon, alerting the attacker that a fresh device has been compromised. What's worse, it can install the Android-based Polipo Proxy application, which lets the owner of the malware intercept and spy on all internet traffic passing through the smartphone.

According to Andra Zaharia, security specialist at Heimdal Security, this could lead to Man-in-the-Middle (MITM) attacks, which are often used to steal sensitive details such as email account logins, social media credentials and banking information.

Source: International Business Times