Computer Security Technology Ltd

+44 (0)20 7621 7836

March 29, 2016

'Advanced and nasty' Android malware discovered

This new piece of malware is being delivered via SMS and encourages the user to download a fraudulent “MMS Messaging” app with permissions to carry out almost any task on the device.



Android users have been warned that new malware could give hackers access to the entire contents of their phone.

Dubbed ‘MazarBOT’, the new piece of malware is delivered via a text that tells users they have a multimedia message which can be accessed by following a link. When clicked, the URL prompts users – via social engineering – to download a fraudulent “MMS Messaging” app. Users are also tricked into giving the app multiple permissions to carry out almost anything on the device.

The first thing MazarBOT does, once installed, is download the Tor browser (to access websites anonymously). This helps it to evade authorities, as messages are pinged across numerous locations. Next, information on the device’s whereabouts is sent via SMS to a mobile phone registered in Iran.

Avoid MazarBOT by switching your language settings to Russian!

Though there’s an Iranian link, MazarBOT first emerged on underground Russian forums, where it was available for purchase. Most interestingly, it will not activate on any devices that have their language settings as Russian. This offers a glimpse into where the malware most probably originated, as developers will often build in ways and means of preventing themselves from accidentally becoming victims of their own creations.

Android devices infected with MazarBOT could fall foul of any number of actions. Hackers can, for example, monitor and control devices via a back door. They can also send messages to premium rate numbers or intercept two-factor authentication codes used by banks and the like to make registration much safer.

Cybercriminals could also launch so-called ‘man-in-the-middle’ attacks, where hackers are able to intercept communications between two devices before sending them on their way. Not only does this allow hackers to read private communications, messages could also be altered.

Though the highest proportion of MazarBOT messages were sent to Danish Android owners, security group CSIS says it could move across Europe and the wider world very soon.

Commenting, partner and security specialist at the firm, Peter Kruse, told csis.dk: “MazarBOT is (a) pretty advanced and nasty Android malware. Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it will most likely succeed in circumventing most online banking protection solutions.”

Mobile device security has been talked about for the last few years, and it seems that more and more threats are now targeting such devices. It’s interesting to note that the UK Government’s ‘Cyber Security Essentials’ standard makes specific reference to the need to protect mobile devices. The challenge for most organisations is balancing the need to offer mobile devices to staff to improve productivity and communication whilst at the same time ensuring those devices don’t become the weak link in an otherwise strong defence against cyber threats. This is further complicated when the devices are not owned by the business, as with BYOD, or where the devices are accessing cloud services.

So what are the options? There are many ways to tackle device security; below are some suggestions:

Implement containerisation on the devices to segment Corporate data from the rest of the device

Deploy Anti-Virus and Endpoint Security protection for mobile devices

Consider a solution to manage and apply security policies to such devices, such as encryption, password usage, lockout and remote wiping

Last but not least, ensure staff understand the risks posed by mobile devices, and that there is a clear and distributed “Do’s and Don’ts” usage guide/policy for the use of mobile devices or personal devices for business use.

If you want some independent and specialist advice, please do call or email us; we are always happy to help: info@cstl.com or tel 020 7621 7836.


