This Android Trojan steals banking creds and wipes your phone

Dial P for pwnage

A new Trojan banker for Android is capable of wiping compromised smartphones as well as stealing online banking credentials, security researchers warn.

The Mazar BOT Android malware is spread using booby-trapped multimedia messages. If installed, the malware gains admin rights that give it the ability to do almost anything with a victim's phone.

The malware can read SMS messages, which means it can also circumvent two-factor authentication (2FA) systems.

The malware also gains the ability to send SMS messages to premium channel numbers, run man-in-the-middle attacks or even erase compromised phones. It also uses TOR for communication.

Antivirus detection is currently very low, Danish security outfit Heimdal Security warns. “Mazar BOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code be abused in active attacks,” Heimdal Security adds in a blog post on the threat.

The malware cannot be installed on smartphones running Android with the Russian language option.

More on the Mazar BOT Android malware can be found in a blog post by CSIS, Heimdal Security’s parent firm, here. CSIS shows how the malware can abuse Chrome injects, among other tricks in its armoury. ®
