Virus Profile: Android/MazarBOT.A

Threat Search
Print
   
Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 2/17/2016
Date Added: 2/17/2016
Origin: Unknown
Length: N/A
Type: Malware
Subtype: Backdoor
DAT Required: N/A
Removal Instructions
   
 
 
   

Description

Android/MazarBOT.A is a malware that sends premium SMS, steal the received SMS messages, and exfiltrate sensitive information, by setting up a backdoor on device.

Indication of Infection

Sends premium SMS, steal the received SMS messages, and exfiltrate sensitive information, by setting up a backdoor on device.

Methods of Infection

This malware requires that the user intentionally install it upon the device. As always, users should never install applications from unknown or un-trusted android markets.
   

Virus Characteristics

The following permissions are required to install the malicious application:
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.CALL_PHONE
  • android.permission.GET_TASKS
  • android.permission.INTERNET
  • android.permission.READ_PHONE_STATE
  • android.permission.READ_SMS
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.RECEIVE_SMS
  • android.permission.SEND_SMS
  • android.permission.SYSTEM_ALERT_WINDOW
  • android.permission.WAKE_LOCK
  • android.permission.WRITE_SMS
Android/MazarBOT.A malware, once installed, requires user to grant Device Administrator permission, to prevent user from easily uninstalling the malware. This malware downloads TOR (The Onion Router) proxy from an external server and installs it on device, as well as another proxy application bundled in its APK, which are used for anonymous malicious communication with external server. It executes various malicious activities on device by creating a backdoor to receive commands from the external server, including sending premium SMS messages to the specified phone number, monitoring and interepting incoming SMS messages and send the contents to the server, blocking phone calls, and sending out sensitive information like device phone number, location and IMEI.

PC Infected? Get Expert Help

McAfee
Virus Removal Service

Connect to one of our Security Experts by phone. Have your PC fixed remotely - while you watch!

$89.95