Mazar BOT virus for Android: what it is and how to protect yourself

Who I am
Martí Micolau
@martimicolau
Author and references

The Mazar BOT virus for Android spreads in Europe: here's what it is and how you can protect yourself.

Article index:

  • What is Mazar BOT for Android
  • How the virus spreads and what it causes
  • How to defend and prevent
  • Conclusions

 

What is Mazar BOT for Android

Mazar BOT is the name of a new virus for Android smartphones and tablets that is spreading in Europe. Android devices are now very popular and are used by millions of people, even in your country. For this reason, attackers are turning their attention to creating powerful viruses and malware capable of infecting Android devices in order to steal sensitive information from users. As reported in an interesting study by Virus Bulletin, there are more and more threats in the mobile sector today.



The exact origins of the Mazar BOT virus are not known, but some clues have emerged. For one thing, it does not affect Russian smartphones, hence all devices that use the Cyrillic alphabet. This peculiarity is built into the source code of the virus itself. Experts noted that the virus checks the location and language set on the Android device, and if the device turns out to be located in Russia, the virus stops executing immediately.

As reported by Heimdal Security, there is also another clue regarding its first sighting. Mazar BOT had been put up for sale on some dark web forum. The dark web is a type of web based on anonymity and is part of the deep web, where there is content that is not accessible to search engines. It is likely that the attackers initially wanted to test the potential of the virus, evaluating how to optimize it in order to cause as much damage as possible.



Finally, a few considerations on the name of the virus. The word Mazar probably refers to an important city in Afghanistan. The term BOT, instead, indicates a program capable of accessing the network and performing specific actions. In this case the actions are obviously malicious.

Currently the virus has also spread to Denmark, where over 100 smartphones have been infected.

 

How the Mazar BOT virus spreads and what damage it causes

This Android virus is transmitted via an ordinary SMS, which is why it spreads extremely easily and quickly. The message is as follows, but variations of the text are not excluded:

«You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message.»

The message claims that a multimedia message has been received and that the link must be clicked in order to view it. As soon as the link is clicked, the download of an APK application called "MMS Messaging" starts, which proceeds with the installation of the malicious software via the TOR network. The TOR network is an anonymous navigation system used on the deep web, which makes communications impossible to locate.

Mazar BOT automatically obtains administrator permissions on the device, so it can perform a series of operations without our consent. For example, it can send and receive SMS with any text, access the network and connect to the internet, make calls, read the phone status and data, and completely erase the memory of the device.


The first operation performed by Mazar BOT is to connect to a foreign server, located in who knows what part of the world, by sending an SMS to a number with an Iranian prefix (+98) with the text «Thank you». In addition, this SMS includes data on the location of the device.


After the virus has taken over the Android smartphone, attackers can open backdoors on the device. In this way they control it remotely and anonymously, without the user noticing. They can send messages to toll-free numbers, and interrupt and make calls, draining the remaining credit. They also have access to any incoming message. They essentially have full control of the smartphone.

The Mazar BOT virus also implements another powerful function. In its code, the «Polipo proxy» system was detected, which allows access to the web pages consulted by the victim. In practice, hackers can place themselves between the user and the device, seeing which sites are visited and, for example, storing the access data for the bank and any other online service.

This powerful virus can also infect the Chrome browser for Android. Finally, it is capable of performing other commands such as activating sleep mode and changing phone settings.

 

How to defend yourself from the Mazar BOT virus

As mentioned before, the virus is transmitted via a common SMS. If you get the message, all you have to do is delete it immediately without clicking the link. This way you will have avoided infecting your Android terminal. It may seem like a trivial operation, but many people are intrigued by the text in the message and click the link, starting the download and installation of the Mazar BOT.
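As an added example (not part of the original article), the following Python code shows how an SMS gateway filter or a review of exported messages could flag lures of the kind quoted above, that is, any SMS whose link points directly to an .apk file. The function names, the sample inbox and the example.com / example.org hosts are constructed for illustration; links are only parsed, never fetched.

```python
import re
from urllib.parse import urlparse

# Constructed sample inbox; entry 0 follows the lure text quoted in the article.
SAMPLE_SMS = [
    "You have received a multimedia message from +[country code] [sender number] "
    "Follow the link http://www.mmsforyou[.]net/mms.apk to view the message.",
    "Your parcel is ready, track it at https://example.com/track?id=123",
    "Lunch at 1pm?",
    "New MMS waiting: hxxp://example[.]org/files/MMS.APK?x=1",
]

# http(s) links, including the defanged "hxxp" spelling used in reports.
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>»]+", re.IGNORECASE)

def refang(url):
    """Undo common defanging so the link can be parsed."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("(.)", ".")

def apk_links(text):
    """Return (host, path) for every link in an SMS body that targets an .apk."""
    hits = []
    for raw in URL_RE.findall(text):
        candidate = refang(raw.rstrip(".,;)»"))
        try:
            parsed = urlparse(candidate)
            host = parsed.hostname
        except ValueError:
            continue  # malformed host (e.g. leftover brackets): skip it
        # Check the path only, so "?x=1" or "#frag" cannot hide the extension.
        if host and parsed.path.lower().endswith(".apk"):
            hits.append((host, parsed.path))
    return hits

def triage(messages):
    """Map message index -> APK links found, for messages that contain any."""
    flagged = {}
    for index, body in enumerate(messages):
        links = apk_links(body)
        if links:
            flagged[index] = links
    return flagged

if __name__ == "__main__":
    for index, links in triage(SAMPLE_SMS).items():
        print(f"message {index}: direct APK download link(s): {links}")
```

A legitimate MMS notification never requires installing an application, so a direct .apk link in an SMS is a strong signal on its own regardless of the wording around it.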


Not all antivirus products can recognize the threat. As you can see from the analysis performed with VirusTotal, Mazar BOT is currently recognized correctly by 29 antivirus products out of 56. These figures are expected to increase over the next few months. It may therefore be useful to install an antivirus on the device.

To protect your smartphone from Mazar BOT and other threats, make sure that installing applications from unknown sources is turned off. Go to the settings of your Android device and, in the "Security" section, look for the item "Unknown sources". By default this setting is already deactivated, but it's always best to make sure. In this way you will be able to install only the APK applications downloaded from Google Play, avoiding third-party programs.


Another tip is to deactivate the Wi-Fi connection when you are not using it. You will thereby avoid unsecured connections to wireless hotspots, and will also consume less battery. Finally, more advanced users can install a VPN to increase the level of security.

 

Mazar BOT virus for Android: conclusions

Now that you know exactly how this virus is contracted and what damage it causes to your smartphone, you will have guessed that cyber security is no longer aimed only at the PC world, but is a topical issue of primary importance in the mobile world as well. Hackers are always looking for new ways to steal our data, or to encrypt it and ask for a monetary ransom, as in the case of the cryptolocker ransomware.

If you have contracted the Mazar BOT virus and are concerned about the security of your privacy, you can rely on a diagnosis of the Android smartphone.
