Mazar: Android malware from the dark web

BadB


As many may have noticed, the darknet is the source of most malware and various interesting hacker software. Malicious products on the dark web are sometimes very curious, and today we will talk about the Mazar malware, which first became known about two years ago.

The main feature of this malware is that it attacks Android devices via SMS. This poses a certain threat to those who prefer these devices to iOS devices, since Android is known for its susceptibility to malware and its many vulnerabilities.

How does Mazar work?

Mazar is a malicious program designed, as already mentioned, for Android devices in order to give the attacker administrator rights. It is distributed via SMS and MMS.

As soon as you open the message, the malware instantly installs certain software on the device, which blocks your access to the system and restricts all administration rights. Of course, the message contains a link that must be tapped for the malware to work.

The attacker who has gained control is usually interested in your files: notes and photos. These may contain passwords, logins, code words, bank card CCV codes, and so on. Moreover, the attacker can make calls or send messages from your phone, as well as lock the device and, of course, change its PIN.

According to the information security company Heimdal, the malicious program installs, in addition to software, the Tor Browser, through which it begins to connect to mysterious servers. This turns on geolocation in the device.

Mazar is not detected by mobile antiviruses, since the malicious file itself does not arrive in the SMS / MMS message. The message only contains a link that, when clicked, installs a malicious APK from the Tor network. This leaves the source of the malware in the shadows.

Apparently, the malware is not installed on devices that have Russian as their primary language. From this point of view, it is easy to assume the nationality and affiliation of the creators of Mazar. The malware is available for sale on the darknet markets.

How to protect yourself from Mazar?

Mazar belongs to the low-risk category, but its consequences are devastating and irreversible. It is easy to avoid: do not install .apk applications from unknown sources. Android devices have a setting for this, and everyone probably knows it. Of course, you shouldn't open links in SMS / MMS either; that is obvious.

However, as mentioned above, this thing does not work on Russian devices, so if someone is going to buy, you need to think about the goals in advance. Also, for those who use English as their main language, but speak Russian, it is recommended to put Russian as the main language.

Despite its destructiveness, the media talked about Mazar only once - this was the case in Denmark in 2021.

Don't be reckless

Despite the fact that the malware is in a low-risk zone, you shouldn't ignore it. After all, this is one of those things that will spend your money from all banking applications, bypassing two-factor authentication, and that will be very upsetting.

Of course, you need to click the link, and 95% of users won't. The other 5%, being, for example, drunk or not thinking clearly, can do this and lose their data. Keep in mind that the dark web is growing and getting stronger, and markets with data are creating more and more supply, as the demand is really wild. And nothing else.
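The delivery chain described in the post (an SMS / MMS that carries only a link, which then pulls an APK hosted on Tor) can be triaged on the message text alone. The following is an added example, not part of the original post: the function names, the sample messages and the "onion host label" heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def triage_link(url):
    """Return the reasons a link found in an SMS/MMS should be blocked or warned about."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    # An APK can be named in the path or handed over through a query parameter.
    candidates = [parts.path] + [value for _, value in parse_qsl(parts.query)]
    if any(c.lower().endswith(".apk") for c in candidates):
        reasons.append("direct-apk-download")
    # Assumption: a Tor hidden service, reached directly or through a web
    # gateway, shows up with "onion" as one of the labels of the host name.
    if "onion" in host.split("."):
        reasons.append("tor-hosted")
    return reasons

def triage_sms(body):
    """Map every suspicious URL in a message body to its list of reasons."""
    findings = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the URL
        reasons = triage_link(url)
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample messages (reserved example domains, not real indicators).
SAMPLES = [
    "You have received a multimedia message. Follow the link "
    "http://constructed.onion.example/mms.apk to view the message.",
    "Your parcel is ready: https://example.com/track?id=1234",
    "Update your player here: https://example.org/dl?file=Player.APK.",
]

def scan(messages):
    """Return (message index, findings) for every message that has a flagged link."""
    hits = []
    for index, body in enumerate(messages):
        findings = triage_sms(body)
        if findings:
            hits.append((index, findings))
    return hits

if __name__ == "__main__":
    for index, findings in scan(SAMPLES):
        print(index, findings)
```

A hit means the message matches the delivery pattern, not that the link is Mazar; it is a reason to block or warn before the user taps it.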
 