New Android malware can steal personal data and wipe a device's contents

New Android malware can steal personal data and wipe a device's contents
Though mobile security has tightened up a great deal since the early days of Android, keeping the baddies at bay will always be a game of digital whack-a-mole. Danish security firm Heimdal has unearthed a particularly spiteful new piece of malicious software that can gain admin rights to a device and wreak subsequent havoc. 

Once any piece of malware has obtained admin rights, the intruder's overlord gains carte blanche over the target device. The Mazar malware is no exception, and takes full advantage of whatever it can infiltrate. Spread via SMS, it can make calls (potentially to premium rate lines), read texts and delete the contents of an entire Android smartphone or tablet without warning. Heimdal believes that Mazar could have reached up to 100,000 handsets in Denmark, though the effect outside of the Scandinavian nation has yet to be established. 

Mazar can only affect devices where users have permitted untrusted app installations via Settings, though. If you don't know what that means, then you're probably safe on this occasion, since Google's platform blocks installs from unverified sources by default. 

If a device does allow apps to be installed from external sources, then Mazar can sink its claws in. Spread under the guise of a legitimate SMS message containing a link, users that tap on said URL then have Tor installed on their device. Tor's services, for those unaware, allow users to connect to the Internet under a veil of anonymity. Great for privacy, but also useful to a hacker funneling malicious software to and from a device undetected, as is the case here. 

Interestingly, the malware cannot be installed on any device with Russian as its selected as its language. Heimdal has tested the bug on Android 4.4 KitKat, but not on any newer editions for now, so it's unknown whether Lollipop or the latest Marshmallow are susceptible. 

As ever, stick to the Google Play Store wherever possible for all of your downloading needs, and ignore any unsolicited SMS messages if you want to avoid Mazar's evildoing. 

source: BBC

FEATURED VIDEO

49 Comments

1. Ninetysix

Posts: 2964; Member since: Oct 08, 2012

Stay safe android broseph.

8. AkoSiKuting

Posts: 88; Member since: Dec 09, 2015

Android users deserved this, no need sympathy to those keyboard warriors who keep bashing Apple :)

11. Rafishant

Posts: 396; Member since: Oct 13, 2015

Actually, Phonearena website is the biggest malware on internet. This site is keep crushing and lagging on all platforms. I don't know if the management of this website check the lastest miserable and incompetent user experience of this site.

30. Mxyzptlk unregistered

It's the obtrusive ads. This site is impossible on mobile.

44. My1cent

Posts: 370; Member since: Jan 30, 2014

Danish security firm Heimdal, "believes" that Mazar could have reached up to 100,000 handsets in Denmark!! (3)tap URL link inside SMS on their device that (2)have Tor installed and (1)permitted untrusted app installation . Well... believe is what! again? (1)(2)(3) steps altogether especially (2)Tor? really?

46. Daakumanit

Posts: 5; Member since: Feb 16, 2016

Use adblock

12. King_bilo

Posts: 115; Member since: May 20, 2015

You know you're a keyboard warrior for saying that right?

18. marorun

Posts: 5029; Member since: Mar 30, 2015

Come see me at my office i work at Telus on St-hubert street in montreal Canada between the street beaubien and st-zotique i show you how much of a keyboard warrior i am :)

17. marorun

Posts: 5029; Member since: Mar 30, 2015

If you Jailbreak your iphone you can also be hacked by malicious application from the cydia store and such. Letting unknown app install ( by turning the option on in the dev options and to do thats you need to know how to turn dev options on) is your fault. So no one will be affected unless they open the door themself. poor troll.

25. xondk

Posts: 1904; Member since: Mar 25, 2014

Sorry....but read the article, this is EXACTLY the same for iPhone users installing from an untrusted source, there are countless of malware on both that work like this...if you allow untrusted install from bad source yeah.. regardless of device.

29. nodes

Posts: 1159; Member since: Mar 06, 2014

it's way more difficult to sideload apps from untrusted source in iOS. in Android, you are just one click away.

36. iushnt

Posts: 3105; Member since: Feb 06, 2013

That's why I can't live without android..going good so far

47. nodes

Posts: 1159; Member since: Mar 06, 2014

i don't get it what is the advantage of sideloading apps from other source except for piracy?

49. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

How about getting access to apps that Google doesn't permit on the Play Store, or apps that are no longer in development yet still have a working version (e.g. Mime-O Clipboard Manager), or downgrading to a good version of an app when a devs f*cks it up with an update? Maybe you're fine with bending over and allowing apple and devs dictate what you can have your device, android doesn't force such on it's users...

48. xondk

Posts: 1904; Member since: Mar 25, 2014

It doesn't seem that different to me, to even get access to an untrusted store that needs to be installed via apk on your phone in the first place, yeah, sure it is download and click, but that's the users own actions and own responsibility, but from what I understand it is the same with iOS?

31. Mxyzptlk unregistered

But but they said Android was more secure. Not.

35. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Nowadays nothing is secure bruh

37. Awalker

Posts: 1977; Member since: Aug 15, 2013

Android device security is largely dependent on the user. I do a lot of things with my Android devices (one of the reasons why I stay with Android) so I'm more susceptible to adverse effects than the average user.

50. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

We have been talking about Android malware here since the beginning of Android life span. Can anyone share how they get a malware here? I have not known anyone there has a malware on his/her android devices. Google never make any claim that Android is malware free, most of the attack come from Apple camp, god even their CEO make some serious accusation about Android having malware. Until i see something substantial is just Apple marketing ploy nothing else. My mom XiaoMi RedMi is malware free last i check. She only has facebook, whatapps installed via Google Playstore and i guess that what most people do with their Android phone. Mxyzptik... hope you are happy doing your Apple rain dance. LOL!

38. sissy246

Posts: 7112; Member since: Mar 04, 2015

Awww is someone butt hurt

9. shaineql

Posts: 522; Member since: Apr 28, 2014

Mazar can only affect devices where users have permitted untrusted app installations via Settings, though.

13. natypes

Posts: 1110; Member since: Feb 02, 2015

Easy to do when you're not an Apple-cuck.

16. marorun

Posts: 5029; Member since: Mar 30, 2015

By default you are protected against this. So very useless clickbait article. Also good to lure Apple troll out.

2. Trakker

Posts: 283; Member since: Feb 11, 2016

All this time and I've still never had any malware on any Android device, unlike other fruity phones that can be bricked by changing the date.

3. Jimrod

Posts: 1605; Member since: Sep 22, 2014

Well that's all the proof you need that there's no problem then, case closed. Like millions of others I've had iPhones from the 3G onwards and also have yet to have any malware or a bricked, bent or exploding phone. Your anecdotal evidence works both ways.

4. Trakker

Posts: 283; Member since: Feb 11, 2016

Good for you!!!

15. vincelongman

Posts: 5693; Member since: Feb 10, 2013

So like the billions of Androids/Windows users, you also have never had malware or viruses Like seriously, I only know 1 person who managed to get a virus and that was back on Windows XP

20. marorun

Posts: 5029; Member since: Mar 30, 2015

Ah on thats end i had lots of friend with virus and malware on PC and MAC computers... Thats maybe because i usually am the one they call to repair the computers when they have issue lol.

22. Awalker

Posts: 1977; Member since: Aug 15, 2013

I think Windows ME was the last time I had a virus on Windows and I don't know of anyone who has had a virus on Android.

19. marorun

Posts: 5029; Member since: Mar 30, 2015

been using android since what 6 years. Working in cellphone industry since nearly 10 years. Not a single android or any other os phone had malware for ALL my clients. This show a lots about those study and such.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.