MazerBOT Targets Android Phones – Unless They’re In Russia

Malware, or malicious software, includes everything from your pop-up ads to opening doors for full-scale hacks to companies. Taking a trip the malware museum shows you how software like Dridex can not only threaten banking systems but also your everyday smartphone. The latest malware on the Net is called MazarBOT and has a unique feature, it won’t install itself if you are in Russia.

MazarBOT has been seen advertised on certain forums for a few months now but was never actually seen in use, until now. MazarBOT is a nasty piece of software that takes control of your android phone, with a specific focus on people who use their phone for online banking. Peter Kurse, IT security expert and founder of CSIS Security Group, did a deep investigation into the problem discovering more about this malware.

By sending a “swarm” of SMS’s to random phone numbers to Denmark, the software has started to spread by sending a message with a link to the android package file, the contents of which are none other than MazarBOT. Able to intercept text messages, including those with two-factor authentication codes, MazarBOT is a nasty piece of work, sending your phone’s location to a number (starting with Iran’s country code) upon successful installation.

Upon detecting that the phone is in Russia though the malware will stop installing, this is initially thought to be in order to avoid drawing the wrath from Russia’s security services.