Mazar will arrive as an SMS or MMS message and installs a program on the phone giving administrator rights to the attacker. From there, almost nothing is out of bounds, from creating and sending new messages, monitoring activity, making calls, reading existing messages, messing with Chrome, locking the device, and worst of all, erasing the phone.
The process is complex, according to Heimdal’s research, and involves the original message, the installation of the program and TOR, connection to a mystery server, and finally the sending of an SMS with the device’s location. Why with the location? Interestingly, the security team discovered Mazar won’t install on devices that have Russian selected as the default language option. It’s noted the malware is available to buy through criminal websites located on the Dark Web, but this is the first time it has been seen attacking Android phones in the wild.
Awkwardly, it’s very difficult for antivirus software to spot, so people concerned about the attack need to take care themselves. The most obvious way to avoid Mazar is to never click on links sent in messages from anyone you don’t know. If you’re still worried, make sure the option to only install apps from Google Play is active under Settings, and Security on your phone. The malware requires the ability to install apps from unknown sources to be selected. Oh, and if Mazar is your big worry, just start using your phone in Russian.
While concerning, the Mazar malware isn’t going to be particularly common, and there’s an excellent chance you’ll never come into contact with it. Even Heimdal says it doesn’t know how widespread the problem is. That doesn’t mean you shouldn’t be cautious though, because Mazar isn’t the only piece of malware out there that could cause serious problems.
