150817googlemarshmallow04100608185orig
Security

Malware targets all Android phones -- except those in Russia

A malware program for Android seen advertised on Russian underground forums in the last few months appears to have made its first big debut.

MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies.

"Until now, MazarBOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code to be deployed in active attacks," Kruse wrote.

CSIS saw a "swarm" of SMSes sent to random phone number in Denmark on Friday," Kruse wrote. The messages contained a link to an Android package file, which is MazarBOT.

MazarBOT will stop installing itself if it detects an Android device that is running within Russia, perhaps to avoid drawing attention from the country's authorities.

"CSIS was not surprised to observe that the malware cannot be installed on smartphones located in Russia," Kruse wrote.

If phones pass the location test, MazarBOT installs Tor, short for The Onion Router. Tor is a network of distributed nodes that provide greater privacy by encrypting a person’s browsing traffic and routing that traffic through random proxy servers.

The malware then sends an SMS saying "Thank you" along with the device's location to a phone number with Iran's country code.

MazarBOT can exert a lot of control over a phone. It can open up a backdoor to monitor a device, send SMSes to premium rate numbers and read two-factor authentication codes send by SMS.

The malware also has a remote debugging function, which Kruse wrote allows "for a variety of advanced attacks on the network" that a particular Android device uses.

"MazarBOT is pretty advanced and nasty Android malware," Kruse wrote. "Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it will most likely succeed in circumventing most online banking protection solutions."

IDG Insider

PREVIOUS ARTICLE

« Apple wants court to rule if it can be forced to unlock an iPhone

NEXT ARTICLE

10 tips for integrating NoSQL databases in your business »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?