Mazar Bot is a strong malware with rooting abilities capable of deleting all data from a phone’s storage. It was discovered by Heimdal Security while the firm was busy tracking and inspecting an SMS that was sent to random locations and numbers.
The SMS contained the virus: an Android app file (APK) which carries the infected link. Once the victim clicks on the link, the malicious APK file is downloaded. Users are then asked to install another app, a seemingly genuine messaging app dubbed MMS Messaging, which easily tricks unaware users and differs from previous Android threats.
Because of the above-mentioned rooting ability, Mazar Bot can carry out various functions, such as sending and receiving SMS messages to premium channel numbers, making calls, gaining full control over the phone’s keys and settings by creating a backdoor, and even altering the network status and downloading the Tor Android app, through which it can then surf the net. An all-powerful piece of malware.
Heimdal Security also discovered that Mazar Bot can sometimes install another Android app named Polipo proxy. If deployed by cybercriminals, the proxy – added on the device – allows the attacker to gain unrestricted access to the victim’s Internet traffic and to launch Man-in-the-Middle attacks by intercepting communications or, more generally, by intervening between the victim’s phone and any other sort of Internet service, such as e-commerce websites or banking applications.
The powers of Mazar Bot seem unlimited. In particular there is one more serious threat: the malware can, in the blink of an eye, erase all the stored files on your device, wiping away joyous memories and useful data.
Mazar Bot seems to be of Russian origin. The allegations originate from an unwritten law related to cybercrime: if no Russians are affected by a cyberattack, officials would not chase after the perpetrators. This offers a great escape to Russian cybercriminals and easily makes them prime suspects in the case. As if this wasn’t enough, Mazar Bot's source code reportedly contains instructions on how to block the installation procedure when the phone’s language is set to “Russian”. Another clear clue?
How can one defend oneself from such a cyber monster?
Antivirus might not spot it. Therefore, the best way to stay safe is to avoid clicking on any link sent via SMS or MMS message; to change the phone settings so as to prevent the phone from installing apps that come from sources other than the Play Store; to avoid unsecured Wi-Fi networks; and to install a VPN to increase security.