This Android Trojan steals banking creds and wipes your phone

Dial P for pwnage


A new banking Trojan for Android is capable of wiping compromised smartphones as well as stealing online banking credentials, security researchers warn.

The Mazar BOT Android malware is spread using booby-trapped multimedia messages. If installed, the malware gains admin rights that give it the ability to do almost anything with a victim's phone.

The malware can read SMS messages, which means it can also circumvent two-factor authentication (2FA) systems that deliver one-time codes by text.

The malware also gains the ability to send SMS messages to premium-rate numbers, run man-in-the-middle attacks or even wipe compromised phones. It uses Tor for communication with its operators.
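The capability profile described above (device admin rights plus the ability to read and send SMS) is visible in an app's manifest before it ever runs. The following triage script is an added example for defenders, not code from the article or from any Mazar BOT sample: it parses a decoded AndroidManifest.xml and flags that combination. The sample manifest and the `triage_manifest` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Capabilities the article attributes to Mazar BOT, mapped to the
# manifest permissions an app must declare to obtain them.
CAPABILITY_PERMISSIONS = {
    "read_sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "send_sms": {"android.permission.SEND_SMS"},
}

def triage_manifest(manifest_xml: str) -> dict:
    """Report which risky capabilities a decoded AndroidManifest.xml requests.

    device_admin is true when a receiver is protected by BIND_DEVICE_ADMIN;
    that is the hook that lets an app lock or wipe the device once a user
    approves it as a device administrator.
    """
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    device_admin = any(
        r.get(PERMISSION) == "android.permission.BIND_DEVICE_ADMIN"
        for r in root.iter("receiver")
    )
    found = {cap: bool(perms & requested) for cap, perms in CAPABILITY_PERMISSIONS.items()}
    found["device_admin"] = device_admin
    # The combination the article describes: admin rights plus SMS read/send.
    found["mazar_like"] = device_admin and found["read_sms"] and found["send_sms"]
    return found

# Constructed sample manifest for demonstration (not from a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for capability, present in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{capability:13s} {'yes' if present else 'no'}")
```

Many legitimate apps request one of these permissions; the signal worth escalating is the full combination on an app installed from outside the Play Store.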

Antivirus detection is currently very low, Danish security outfit Heimdal Security warns. “Mazar BOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code be abused in active attacks,” Heimdal Security adds in a blog post on the threat.

The malware cannot be installed on smartphones running Android with the Russian language option.

More on the Mazar BOT Android malware can be found in a blog post by CSIS, Heimdal Security’s parent firm, here. CSIS shows how the malware can abuse Chrome injects, among other tricks in its armoury. ®
