
How does the Mazar malware take control of Android devices?

The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks can be prevented.

An Android bot called Mazar can reportedly give attackers control over Android devices and even wipe them completely. How does this Android bot work, and what precautions should users take?

Heimdal Security blogged about an uncommon Android malware named Mazar, which was previously observed only on the dark web and is now showing up in what appears to be an active attack. Threat intelligence firm Recorded Future also blogged about Mazar's attack on the Russian bank Sberbank. The Mazar malware appears to target text messages and web-based applications, potentially to steal two-factor authentication codes or web-based banking applications.

The Mazar malware propagates via SMS messages containing malicious links that entice the recipient to click. Once the user clicks on the link, it prompts him to install the malicious APK file, and the user has to press the Install button for the malware to be installed. Once installed, the Mazar malware has full access to the system. It sends an SMS message registering that it was installed, and then installs a web proxy. At this point, the malware can do anything to the system.

If the user doesn't click on the malicious URL or doesn't press Install, he can avoid the Mazar malware. It is also configured to not attack systems with the Russian language option.

While the Mazar malware is relatively low risk based on the limited number of targets, enterprises should ensure they have the standard precautions in their information security programs. This includes security awareness around safe smartphone usage, such as not installing applications from SMS messages and maintaining a cautious attitude. Enterprises should have some sort of mobile device management system that includes antimalware protection and security options like not allowing applications to be installed from unknown sources.
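The delivery step described above, an SMS whose link leads straight to an APK, can be checked on the defender's side wherever inbound message text is visible. The following is an added example, not code from the article or from any product it mentions; the function names, senders and domains are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches http(s) links and bare "www." links inside SMS text.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def extract_urls(text):
    """Return links found in an SMS body, trailing punctuation stripped."""
    return [m.rstrip(".,;:!?)") for m in URL_RE.findall(text)]

def links_to_apk(url):
    """True when the URL's path (not its query string) names an .apk file."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url  # bare www. link: add a scheme so it parses
    path = unquote(urlsplit(url).path)  # decode %2E-style escapes first
    return path.lower().endswith(".apk")

def triage_sms(messages):
    """Return (sender, url) pairs for messages that link directly to an APK."""
    hits = []
    for sender, body in messages:
        for url in extract_urls(body):
            if links_to_apk(url):
                hits.append((sender, url))
    return hits

# Constructed sample messages; senders and domains are placeholders.
SAMPLE = [
    ("+15550100", "You have received a multimedia message. "
                  "View: http://mms.example.test/get/mms.apk"),
    ("+15550101", "Your code is 482913. It expires in 10 minutes."),
    ("+15550102", "Update here www.example.test/files/Viewer.APK?id=7."),
    ("+15550103", "Docs at https://example.test/help?file=guide.apk"),
]

if __name__ == "__main__":
    for sender, url in triage_sms(SAMPLE):
        print(f"flag sender={sender} url={url}")
```

The check only sees links that name the APK in the URL path; a link that reaches the APK through a redirect is not flagged, so it complements rather than replaces blocking installs from unknown sources.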


This was last published in July 2016
