- Dec 30, 2012
- 4,809
A malware program for Android seen advertised on Russian underground forums in the last few months appears to have made its first big debut.
MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies.
CSIS saw a "swarm" of SMSes sent to random phone number in Denmark on Friday," Kruse wrote. The messages contained a link to an Android package file, which is MazarBOT.
The Onion Router. Tor is a network of distributed nodes that provide greater privacy by encrypting a person’s browsing traffic and routing that traffic through random proxy servers.
The malware then sends an SMS saying "Thank you" along with the device's location to a phone number with Iran's country code.
MazarBOT can exert a lot of control over a phone. It can open up a backdoor to monitor a device, send SMSes to premium rate numbers and read two-factor authentication codes send by SMS.
The malware also has a remote debugging function, which Kruse wrote allows "for a variety of advanced attacks on the network" that a particular Android device uses.
"MazarBOT is pretty advanced and nasty Android malware," Kruse wrote. "Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it will most likely succeed in circumventing most online banking protection solutions."
Source
MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies.
CSIS saw a "swarm" of SMSes sent to random phone number in Denmark on Friday," Kruse wrote. The messages contained a link to an Android package file, which is MazarBOT.
The Onion Router. Tor is a network of distributed nodes that provide greater privacy by encrypting a person’s browsing traffic and routing that traffic through random proxy servers.
The malware then sends an SMS saying "Thank you" along with the device's location to a phone number with Iran's country code.
MazarBOT can exert a lot of control over a phone. It can open up a backdoor to monitor a device, send SMSes to premium rate numbers and read two-factor authentication codes send by SMS.
The malware also has a remote debugging function, which Kruse wrote allows "for a variety of advanced attacks on the network" that a particular Android device uses.
"MazarBOT is pretty advanced and nasty Android malware," Kruse wrote. "Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it will most likely succeed in circumventing most online banking protection solutions."
Source