Experts at the security company Heimdal Security have discovered new malware that attacks Android devices. The malware not only spreads in a non-standard way, via SMS and MMS messages, but can also gain root access to the device, steal financial information, and delete all data from the victim's smartphone.
The researchers call Mazar BOT's distribution method unique. Indeed, these days mobile malware mostly lies in wait for victims in third-party app stores (and sometimes even in the official Google Play). Links to Mazar BOT, by contrast, are sent out in spam messages: ordinary SMS and MMS. By following the link, the user downloads a malicious APK file; launching it starts the installation of the application.
On the system the malware goes by the name MMS Messaging and requests administrator rights, which the gullible victim grants.
After obtaining root access, Mazar BOT is capable of a great deal. Among other things, the malware can:
The researchers write that Mazar BOT also downloads and installs the legitimate Tor application on the affected device, which is then used for all network access. In some cases the Polipo proxy application is used as well; it sets up a proxy on the infected device, allowing the malware's operators to monitor the victim's traffic and carry out man-in-the-middle attacks.
After infection, the malware also sends a message from the device to an Iranian number. The message contains the phrase «Thank you». In fact, it acts as a beacon: it tells the campaign's operators that a new device has been infected and reports its location.
Mazar BOT has another interesting feature: the malware does not install itself on a device where Russian is selected as the primary system language.
The researchers write that this is the first recorded case of attacks using Mazar BOT, although experts at Recorded Future first spotted advertising for the malware on the darknet in 2015.
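For defenders, the behaviours described above (a sideloaded "MMS Messaging" app holding administrator rights, Tor or Polipo installed outside an app store, and a «Thank you» SMS to an Iranian number) can be correlated in a fleet triage check. The following is an added example, not code from Heimdal Security or the original article; the inventory and SMS record layout, the field names and the sample records are assumptions.

```python
import re

# Indicators come from the article; the inventory/SMS record layout is assumed.
DROPPER_LABEL = "mms messaging"
PROXY_LABELS = {"tor", "polipo"}
BEACON_TEXT = "thank you"
IRAN_CC = "98"  # Iran's international calling code

def country_digits(number):
    """Digits of an international number, or "" when no country code is given."""
    cleaned = re.sub(r"[^\d+]", "", number)
    if cleaned.startswith("+"):
        return cleaned[1:]
    if cleaned.startswith("00"):
        return cleaned[2:]
    return ""  # national format: do not guess the country

def triage(device):
    """Return the article-described behaviours observed on one device record."""
    hits = set()
    for app in device["apps"]:
        label = app["label"].strip().lower()
        sideloaded = app["installer"] is None  # no app store recorded as installer
        if label == DROPPER_LABEL and sideloaded and app["device_admin"]:
            hits.add("dropper")
        if sideloaded and PROXY_LABELS & set(label.split()):
            hits.add("proxy")
    for sms in device["sent_sms"]:
        body = sms["body"].strip(" .!\u00ab\u00bb\"").lower()
        if body == BEACON_TEXT and country_digits(sms["to"]).startswith(IRAN_CC):
            hits.add("beacon")
    return hits

def is_suspect(device):
    # One signal alone is weak (Tor is a legitimate app); require two.
    return len(triage(device)) >= 2

# Constructed sample records, not data from a real device.
INFECTED = {"apps": [
    {"label": "MMS Messaging", "installer": None, "device_admin": True},
    {"label": "Tor", "installer": None, "device_admin": False}],
    "sent_sms": [{"to": "0098 000 000 0000", "body": "Thank you"}]}
BENIGN = {"apps": [
    {"label": "Tor", "installer": "com.android.vending", "device_admin": False}],
    "sent_sms": [{"to": "+1 555 0100", "body": "Thank you!"},
                 {"to": "9800000", "body": "thank you"}]}

if __name__ == "__main__":
    for name, dev in (("INFECTED", INFECTED), ("BENIGN", BENIGN)):
        print(name, sorted(triage(dev)), is_suspect(dev))
```

The Russian-locale exemption is deliberately not used as a signal: a device set to another language is not evidence of infection, and one set to Russian is not proof of safety.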