x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • New Android malware can steal personal data and wipe a device's contents

New Android malware can steal personal data and wipe a device's contents

Posted: , by Ben R.

Tags:

New Android malware can steal personal data and wipe a device's contents
Though mobile security has tightened up a great deal since the early days of Android, keeping the baddies at bay will always be a game of digital whack-a-mole. Danish security firm Heimdal has unearthed a particularly spiteful new piece of malicious software that can gain admin rights to a device and wreak subsequent havoc. 

Once any piece of malware has obtained admin rights, the intruder's overlord gains carte blanche over the target device. The Mazar malware is no exception, and takes full advantage of whatever it can infiltrate. Spread via SMS, it can make calls (potentially to premium rate lines), read texts and delete the contents of an entire Android smartphone or tablet without warning. Heimdal believes that Mazar could have reached up to 100,000 handsets in Denmark, though the effect outside of the Scandinavian nation has yet to be established. 

Mazar can only affect devices where users have permitted untrusted app installations via Settings, though. If you don't know what that means, then you're probably safe on this occasion, since Google's platform blocks installs from unverified sources by default. 

If a device does allow apps to be installed from external sources, then Mazar can sink its claws in. Spread under the guise of a legitimate SMS message containing a link, users that tap on said URL then have Tor installed on their device. Tor's services, for those unaware, allow users to connect to the Internet under a veil of anonymity. Great for privacy, but also useful to a hacker funneling malicious software to and from a device undetected, as is the case here. 

Interestingly, the malware cannot be installed on any device with Russian as its selected as its language. Heimdal has tested the bug on Android 4.4 KitKat, but not on any newer editions for now, so it's unknown whether Lollipop or the latest Marshmallow are susceptible. 

As ever, stick to the Google Play Store wherever possible for all of your downloading needs, and ignore any unsolicited SMS messages if you want to avoid Mazar's evildoing. 

source: BBC

51 Comments
  • Options
    Close




posted on 16 Feb 2016, 12:23 2

1. Ninetysix (Posts: 2339; Member since: 08 Oct 2012)


Stay safe android broseph.

posted on 16 Feb 2016, 13:04 11

8. AkoSiKuting (banned) (Posts: 88; Member since: 09 Dec 2015)


Android users deserved this, no need sympathy to those keyboard warriors who keep bashing Apple :)

posted on 16 Feb 2016, 13:08 15

11. Rafishant (Posts: 210; Member since: 13 Oct 2015)


Actually, Phonearena website is the biggest malware on internet.
This site is keep crushing and lagging on all platforms.
I don't know if the management of this website check the lastest miserable and incompetent user experience of this site.

posted on 16 Feb 2016, 17:18 11

30. Mxyzptlk (Posts: 11378; Member since: 21 Apr 2012)


It's the obtrusive ads. This site is impossible on mobile.

posted on 17 Feb 2016, 01:53 1

44. My1cent (Posts: 342; Member since: 30 Jan 2014)


Danish security firm Heimdal, "believes" that Mazar could have reached up to 100,000 handsets in Denmark!!
(3)tap URL link inside SMS on their device that (2)have Tor installed and (1)permitted untrusted app installation
.
Well... believe is what! again?
(1)(2)(3) steps altogether especially (2)Tor? really?

posted on 17 Feb 2016, 03:03

46. Daakumanit (Posts: 5; Member since: 16 Feb 2016)


Use adblock

posted on 16 Feb 2016, 13:10 7

12. King_bilo (Posts: 80; Member since: 20 May 2015)


You know you're a keyboard warrior for saying that right?

posted on 16 Feb 2016, 14:13

18. marorun (Posts: 3163; Member since: 30 Mar 2015)


Come see me at my office i work at Telus on St-hubert street in montreal Canada between the street beaubien and st-zotique i show you how much of a keyboard warrior i am :)

posted on 16 Feb 2016, 14:11 5

17. marorun (Posts: 3163; Member since: 30 Mar 2015)


If you Jailbreak your iphone you can also be hacked by malicious application from the cydia store and such.

Letting unknown app install ( by turning the option on in the dev options and to do thats you need to know how to turn dev options on) is your fault.

So no one will be affected unless they open the door themself.

poor troll.

posted on 16 Feb 2016, 15:02

25. xondk (Posts: 1205; Member since: 25 Mar 2014)


Sorry....but read the article, this is EXACTLY the same for iPhone users installing from an untrusted source, there are countless of malware on both that work like this...if you allow untrusted install from bad source yeah.. regardless of device.

posted on 16 Feb 2016, 17:09

29. nodes (Posts: 681; Member since: 06 Mar 2014)


it's way more difficult to sideload apps from untrusted source in iOS.
in Android, you are just one click away.

posted on 16 Feb 2016, 19:17

36. iushnt (Posts: 1510; Member since: 06 Feb 2013)


That's why I can't live without android..going good so far

posted on 17 Feb 2016, 04:20

47. nodes (Posts: 681; Member since: 06 Mar 2014)


i don't get it what is the advantage of sideloading apps from other source except for piracy?

posted on 17 Feb 2016, 17:58

49. MrElectrifyer (limited) (Posts: 2192; Member since: 21 Oct 2014)


How about getting access to apps that Google doesn't permit on the Play Store, or apps that are no longer in development yet still have a working version (e.g. Mime-O Clipboard Manager), or downgrading to a good version of an app when a devs f*cks it up with an update? Maybe you're fine with bending over and allowing apple and devs dictate what you can have your device, android doesn't force such on it's users...

posted on 17 Feb 2016, 04:30

48. xondk (Posts: 1205; Member since: 25 Mar 2014)


It doesn't seem that different to me, to even get access to an untrusted store that needs to be installed via apk on your phone in the first place, yeah, sure it is download and click, but that's the users own actions and own responsibility, but from what I understand it is the same with iOS?

posted on 16 Feb 2016, 17:18

31. Mxyzptlk (Posts: 11378; Member since: 21 Apr 2012)


But but they said Android was more secure. Not.

posted on 16 Feb 2016, 19:16 5

35. NoToFanboys (Posts: 1126; Member since: 03 Oct 2015)


Nowadays nothing is secure bruh

posted on 16 Feb 2016, 20:14 2

37. Awalker (Posts: 1400; Member since: 15 Aug 2013)


Android device security is largely dependent on the user. I do a lot of things with my Android devices (one of the reasons why I stay with Android) so I'm more susceptible to adverse effects than the average user.

posted on 16 Feb 2016, 22:24 1

40. lyndon420 (Posts: 3870; Member since: 11 Jul 2012)


You're the only one that keeps saying that. Try harder.

posted on 17 Feb 2016, 23:30

50. joey_sfb (Posts: 5348; Member since: 29 Mar 2012)


We have been talking about Android malware here since the beginning of Android life span.

Can anyone share how they get a malware here?

I have not known anyone there has a malware on his/her android devices. Google never make any claim that Android is malware free, most of the attack come from Apple camp, god even their CEO make some serious accusation about Android having malware.

Until i see something substantial is just Apple marketing ploy nothing else. My mom XiaoMi RedMi is malware free last i check. She only has facebook, whatapps installed via Google Playstore and i guess that what most people do with their Android phone.

Mxyzptik... hope you are happy doing your Apple rain dance. LOL!

posted on 16 Feb 2016, 20:53 2

38. sissy246 (Posts: 636; Member since: 04 Mar 2015)


Awww is someone butt hurt

posted on 16 Feb 2016, 13:07 3

9. shaineql (Posts: 346; Member since: 28 Apr 2014)


Mazar can only affect devices where users have permitted untrusted app installations via Settings, though.

posted on 16 Feb 2016, 13:51 3

13. natypes (Posts: 1079; Member since: 02 Feb 2015)


Easy to do when you're not an Apple-cuck.

posted on 16 Feb 2016, 14:09

16. marorun (Posts: 3163; Member since: 30 Mar 2015)


By default you are protected against this.
So very useless clickbait article.

Also good to lure Apple troll out.

posted on 16 Feb 2016, 12:26 23

2. Trakker (Posts: 283; Member since: 11 Feb 2016)


All this time and I've still never had any malware on any Android device, unlike other fruity phones that can be bricked by changing the date.

posted on 16 Feb 2016, 12:28 2

3. Jimrod (Posts: 995; Member since: 22 Sep 2014)


Well that's all the proof you need that there's no problem then, case closed. Like millions of others I've had iPhones from the 3G onwards and also have yet to have any malware or a bricked, bent or exploding phone. Your anecdotal evidence works both ways.

posted on 16 Feb 2016, 12:35 7

4. Trakker (Posts: 283; Member since: 11 Feb 2016)


Good for you!!!

posted on 16 Feb 2016, 14:04 5

15. vincelongman (Posts: 4106; Member since: 10 Feb 2013)


So like the billions of Androids/Windows users, you also have never had malware or viruses

Like seriously, I only know 1 person who managed to get a virus and that was back on Windows XP

posted on 16 Feb 2016, 14:15

20. marorun (Posts: 3163; Member since: 30 Mar 2015)


Ah on thats end i had lots of friend with virus and malware on PC and MAC computers...

Thats maybe because i usually am the one they call to repair the computers when they have issue lol.

posted on 16 Feb 2016, 14:39

22. Awalker (Posts: 1400; Member since: 15 Aug 2013)


I think Windows ME was the last time I had a virus on Windows and I don't know of anyone who has had a virus on Android.

posted on 16 Feb 2016, 14:14 2

19. marorun (Posts: 3163; Member since: 30 Mar 2015)


been using android since what 6 years.

Working in cellphone industry since nearly 10 years.

Not a single android or any other os phone had malware for ALL my clients.
This show a lots about those study and such.

posted on 16 Feb 2016, 15:23 1

27. xocomaox (Posts: 120; Member since: 14 Dec 2015)


Never had an issue, either. Plenty of problems with iPhones and upgrading firmware on them. iOS 7 to 8 caused a soft brick on two of my devices. Malware seems to be a fairy tale when it comes to all phones.

posted on 16 Feb 2016, 22:26

41. lyndon420 (Posts: 3870; Member since: 11 Jul 2012)


...or upgrading the OS.

posted on 16 Feb 2016, 12:44 5

5. Unordinary (Posts: 1181; Member since: 04 Nov 2015)


Another day another virus

posted on 18 Feb 2016, 00:25

51. joey_sfb (Posts: 5348; Member since: 29 Mar 2012)


Apple is the biggest bad ass virus around!

From the number of 'Error 53' cases, its EPIC!!. Every malware and virus developers could only dream of such viral achievement.

posted on 16 Feb 2016, 12:50 2

6. Lycan155 (Posts: 247; Member since: 24 Nov 2013)


Only download apps and games from play store and dont worry Much abot these kind of malwares

posted on 16 Feb 2016, 13:02

7. xq10xa (Posts: 638; Member since: 07 Dec 2010)


What kind of apps do people get from unverified sourches? Like is it just them not wanting to pay for the app so they download the file and try to sideload it? Seems like you have to do alot to get hacked like this....

posted on 16 Feb 2016, 13:08 1

10. Trakker (Posts: 283; Member since: 11 Feb 2016)


A lot of gambling, streaming, ad blockers, self published apps etc.
You got to realise that there is a lot of reasons why people might not go through Google Play so don't be thinking it's all piracy.

posted on 16 Feb 2016, 14:17

21. marorun (Posts: 3163; Member since: 30 Mar 2015)


Yeah its to get free apps mostly thats ppl do this or to get apps not officially available in the country they are or the device they use or illegal apps based on the play store rules..

Its just like Iphone user thats Jailbreak mostly.

If you open the door dont cry if bad ppl enter right?

posted on 16 Feb 2016, 14:44

23. Awalker (Posts: 1400; Member since: 15 Aug 2013)


I download apps from everywhere but I don't download paid apps. If I like an app I'll pay for it.

posted on 16 Feb 2016, 13:54 3

14. RebelwithoutaClue (Posts: 2705; Member since: 05 Apr 2013)


Another day another storm in a teacup...

posted on 16 Feb 2016, 17:29

32. Mxyzptlk (Posts: 11378; Member since: 21 Apr 2012)


Another day, another clueless response from our resident clueless rebel.

posted on 17 Feb 2016, 02:00 3

45. RebelwithoutaClue (Posts: 2705; Member since: 05 Apr 2013)


Another day, same guy, same lame joke. It never gets old does it honeybun. Take your meds yet? ;) Funny you should use Deadpool as your avatar, since that guy is actually funny ;)

posted on 16 Feb 2016, 14:51 3

24. RoboticEngi (Posts: 588; Member since: 03 Dec 2014)


100.000 infected devices in Denmark. ...he he that's utterly bulls**t. There is only 5 million citizens in Denmark and half owns an iphone. And out of the other half at least 50% of those got Lollipop installed. Now we are close to saying 10% of potential victims are infected. I don't think 10 % got their phone opened up to 3rd party apps. I say they are the usual Danish apple ass licking techies who we got tons of here....

posted on 16 Feb 2016, 15:21 3

26. natypes (Posts: 1079; Member since: 02 Feb 2015)


Whoever gets this deserves it. And I hope you get so mad you go buy an apple product. You obviously need a simple device with training wheels like the iPhone.

posted on 16 Feb 2016, 21:02

39. sissy246 (Posts: 636; Member since: 04 Mar 2015)


I don't care how mad I get at android I will never buy apple iphone.

posted on 16 Feb 2016, 16:25

28. KyleRiemen (Posts: 117; Member since: 29 Oct 2014)


So you have to give the app root rights? Or does it get root-rights by its own? If the first is the case and you download an app from "somewhere" and gave it root-rights, then there is nothing to complain about.

posted on 16 Feb 2016, 18:01

33. keithtae (Posts: 341; Member since: 25 Mar 2015)


*Yawn* same thing over and over again.

posted on 16 Feb 2016, 18:29

34. ibend (Posts: 3539; Member since: 30 Sep 2014)


"spread under the guise of a legitimate SMS message containing a link, users that tap on said URL then have Tor installed on their device"
just much effort we need to install this malware? and it even need newer android, language set to russian, and rooted device (and probably no AV installed)

posted on 17 Feb 2016, 00:03

42. avishekmukherjee (Posts: 284; Member since: 09 Apr 2015)


I am crying now

posted on 17 Feb 2016, 00:55 1

43. Krjal (Posts: 229; Member since: 19 Dec 2013)


So you not only have to have outside sources allowed but ALSO click on a suspicious link in an sms at the same time?

Who is stupid enough to do that?

Want to comment? Please login or register.

Latest stories