An Android bot called Mazar can reportedly give attackers control over Android devices and even wipe them completely. How does this Android bot work, and what precautions should users take?
Heimdal Security blogged about an uncommon Android malware named Mazar, which was previously only observed on the dark web and now is showing up in what appears to be an active attack. Threat intelligence firm Recorded Future also blogged about Mazar's attack on the Russian bank Sberbank. The Mazar malware appears to target text messages and web-based applications, potentially to steal two-factor authentication codes or web-based banking applications. The Mazar malware propagates via SMS messages with malicious links that entice the individual to click on the link. Once the user clicks on the link, it prompts him to install the malicious APK file. This requires the individual to press the Install button to install the malware. Once installed, the Mazar malware has full access to the systems. It will send an SMS message registering it was installed, and then install a web proxy. At this point, the malware can do anything to the system. If the user doesn't click on the malicious URL or click on install, he can avoid the Mazar malware. It is also configured to not attack systems with the Russian language option.
While the Mazar malware is relatively low risk based on the limited number of targets, enterprises should ensure they have the standard precautions in their information security programs. This includes security awareness around safe smartphone usage, such as not installing applications from SMS messages and maintaining a cautious attitude. Enterprises should have some sort of mobile device management system that includes antimalware protection and security options like not allowing applications to be installed from unknown sources.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Develop an antimalware strategy for multifaceted threats