News  Android

Spread by simple link in SMS 

Android users are being warned of a new virus, spread by SMS, termed "Mazar".

The message is "You have received a multimedia message from +[country code] [sender number] Follow the link *link here* to view the message.", but the link takes the user to malware which immediately infects the device when clicked.

First spotted in Denmark, there are already 100,000 reported infections. Russian language handsets are deliberately unaffected, which suggests the virus originates in that country. There is no word on how far the virus has spread across the world as of yet.

Gives hackers full control

Disclosed by Heimdal, the virus installs an APK which gives the malware admin rights including the ability to wipe the handset. Heimdal has added that Mazar mainly infects devices with Android 4.4 KitKat. However, it is not known whether Lollipop and Marshmallow OS powered devices can be infected.

android phone 700x332

The app actually installs a TOR client, meaning it will then join a botnet which can be used to anonymously spread malware and attack other computers on the internet, not just mobile devices. It automatically sends an SMS to Iran which contains the location of the device.

Handsets become unwitting "man in the middle" zombies

The Mazar virus also uses the Polipo proxy, which is itself entirely legitimate but can be used, as in this instance, to "bridge" traffic by injecting code between the handset and the target. Once it has completed this infection it sees the HTTP traffic which it can record, or modify, without the users knowledge.

hemidal mms 306x521

Users advised not to trust unknown messages

The advice to users is to never tap on web links in text messages from unfamiliar phone numbers, and to be cautious of links even if the message appears to be from a known contact, since sometimes this can be spoofed.

Google will never allow the APK which carries this virus into the Play Store, so another way to guard against it is to never allow "untrusted sources" in the device settings. That way, even if the link is clicked, the attempt to install the APK will fail.