Europe is faced with a new virus that is hitting Android phones. It was discovered by Heimdal Security. The virus is called Mazar and it spreads through texts. Once installed, it forwards all web traffic through a malicious proxy that allows attackers to reap sensitive details from the web activity of the user.
Heimdal told the BBC the malware was currently sent out to more than 100,000 phones in Denmark, although it is next to impossible to determine how far Mazar has spread from that point. It is important to mention that the virus is designed to avoid all phones with the language set to Russian. It is thought this may be as a gesture to pacify Russian police.
The app depends on numerous bad security practices for it to be able to spread. The virus arrives in a SMS message, and if the user simply refuses to follow the link in the message, they will remain safe. Even if you tap on the link, the virus doesn’t install unless you let software that resides outside the Google Play store to install, which most security guides warn against. The effects have only been verified for phones running the KitKat version of Android, but it is likely that older models can also be affected.
Still, it does not seem to slow down the Mazar virus, or help the security firms trying to catch it. According to a scan on VirusTotal, just 3 of the top 54 virus databases detected the Mazar virus on a scan. Heimdal has now gone public with its results, so we hope to see that number starting to go up.
[Featured image credit: recordere.dk / Image cropped, color filters added]