Security researchers have spotted a new strain of Trojan malware that targets users of the Android operating system by luring them into clicking on a malicious link that spreads via text messages and MMS.
The Android Trojan, called Mazar Android BOT, is designed to take full control of your mobile device, including administrative privileges and access to all functions of the smartphone.
Security experts at Heimdal Security, which initially discovered the malware in the wild, report that the message the attackers are sending to millions of Android users reads as follows:
“You have received a multimedia message from +[country code] [sender number] Follow the link http://www.mmsforyou[.]net/mms.apk to view the message.”
The security experts warn that when you follow the link, you are redirected to an Android application package (APK) that tries to convince you to download it under the innocuous-sounding name MMS Messaging. The goal is to further gain the user's trust in the safety of the APK.
Once the APK is downloaded and installed on your smartphone, the attacker introduces malicious code into your device in order to obtain full administrator rights. These privileges would enable the attacker to root your smartphone, keep track of the text messages that arrive on your device, view all of the device’s data and see your browsing activity.
Among the worst things a hijacker can do to your phone is read the security codes sent to your mobile number by Internet services that have implemented two-factor authentication. But the most dangerous thing a hacker can do to your phone is erase all of the information stored on it.
As of now, there is no clear indication as to which country is being primarily targeted by the Android Trojan, but security researchers observe that users in Russia are not affected. Security experts from another security vendor detected the malware late last year, when it installed the Tor software on infected devices so that the handset would connect to the attackers' command and control servers.
The new version of Mazar adds a Polipo HTTP proxy in order to provide attackers with full access to infected Android handsets. Attackers use this sort of proxy to launch man-in-the-middle attacks designed to eavesdrop on users' browsing sessions. Mazar also has the capability to infect mobile Chrome browsers.
Security experts strongly advise against clicking on any link sent to your phone that appears suspicious.