Menu
Malware targets all Android phones -- except those in Russia

Malware targets all Android phones -- except those in Russia

The MazarBOT appears aimed at compromising online bank accounts

A malware program for Android seen advertised on Russian underground forums in the last few months appears to have made its first big debut.

MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies.

"Until now, MazarBOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code to be deployed in active attacks," Kruse wrote.

CSIS saw a "swarm" of SMSes sent to random phone number in Denmark on Friday," Kruse wrote. The messages contained a link to an Android package file, which is MazarBOT.

MazarBOT will stop installing itself if it detects an Android device that is running within Russia, perhaps to avoid drawing attention from the country's authorities.

"CSIS was not surprised to observe that the malware cannot be installed on smartphones located in Russia," Kruse wrote.

If phones pass the location test, MazarBOT installs Tor, short for The Onion Router. Tor is a network of distributed nodes that provide greater privacy by encrypting a person’s browsing traffic and routing that traffic through random proxy servers.

The malware then sends an SMS saying "Thank you" along with the device's location to a phone number with Iran's country code.

MazarBOT can exert a lot of control over a phone. It can open up a backdoor to monitor a device, send SMSes to premium rate numbers and read two-factor authentication codes send by SMS.

The malware also has a remote debugging function, which Kruse wrote allows "for a variety of advanced attacks on the network" that a particular Android device uses.

"MazarBOT is pretty advanced and nasty Android malware," Kruse wrote. "Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it will most likely succeed in circumventing most online banking protection solutions."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments