Your photos, contacts, messages, documents, music — everything on your phone obliterated in the blink of an eye, and you can do nothing to stop the full wipe. This possibility is real with the currently circulating Android Mazar BOT malware.
It all begins with a seemingly innocent SMS or MMS message that says “You have received a multimedia message from +[country code] [sender number] Follow the link http: /www.mmsforyou [.] Net / mms.apk to view the message.”
If you receive such a message, resist the urge to satisfy your curiosity. Do not click the included link. That MMS could expose your phone to the Mazar Android BOT malware.
If you click the included URL, your phone will download, install and run TOR. TOR itself is a legitimate program, but the malware uses it to anonymously connect to a remote server. Then your phone sends out “Thank you” via SMS to the number 9876543210. Nothing wrong with being grateful, but this message is insidious because the SMS also sends your phone’s location.
Your phone is then susceptible to malicious attackers who can wreak havoc. They can monitor and control your phone at will, including wiping your phone data, sending SMS messages to premium numbers and accessing your messages. The malware can even inject itself into Chrome and remotely issue commands that control your phone keys, activate sleep mode and more.
According to researchers at Heimdal Security who analyzed the malware, Android phones set to use the Russian language or owned by Russian users are immune to the Mazar Android BOT. For those of us who do not speak Russian, Heimdal Security recommends the following preventive measures to fend off malware infection:
- Do not tap on URLs or links in MMS or SMS messages unless you are certain that the message comes from a trusted source. Always exercise caution, even with messages from known sources.
- Disable the installation of external apps from unknown sources. Make sure that “Unknown sources” under Settings > Security is not checked. Sometimes, you'll need to enable this in order to install legit Android apps such as Amazon Prime Video or Amazon Underground. Always turn off the feature after installing such apps.
- Protect your phone with a reliable antivirus app.
- Turn off Wi-Fi when not in use and avoid unknown or unsecure networks, especially public Wi-Fi hotspots.
- Jack up your privacy and security by using a Virtual Private Network (VPN) on your phone.
For more tips on how to lock down your phone against threats, see our story about making your smartphone secure.
[Image credit: Elmer Montejo / Techlicious]