Mazar: Android Malware from the Darknet
The darknet is widely regarded as a major source of malware and of various intriguing hacker tools, and some of the malicious products sold there are genuinely interesting. Today we'll discuss the Mazar malware, which first came to light about two years ago.
Its main feature is that it targets Android devices via SMS. This is a particular threat to those who prefer Android over iOS, as Android is known for its susceptibility to malware and its many vulnerabilities.
How Does Mazar Work?
Mazar is a malicious program designed specifically for Android devices, with the goal of granting attackers administrator rights. It spreads through SMS and MMS messages. The message contains a link, and the malware only activates once you click it; from that point it installs software on your device, blocking your access to the system and restricting all administrative rights.
Once the hacker gains control, they are typically interested in your files: notes, photos, recordings, and so on. These may contain passwords, logins, code words, CVV codes from bank cards, and more. Additionally, the attacker can make calls or send messages from your phone, lock your device, and even change its PIN.
According to the cybersecurity company Heimdal, the malware installs not only its own software but also the Tor Browser, which it uses to connect to unidentified servers. At the same time, geolocation is enabled on the device.
Mazar is not detected by mobile antivirus programs because the malicious file itself is never attached to the SMS/MMS. The message contains only a link, and clicking it installs a malicious APK fetched from the Tor network, which keeps the source of the malware hidden.
Apparently, the malware does not install on devices that have Russian set as the primary language. This makes it easy to guess the nationality and affiliation of Mazar’s creators. The malware is available for sale on darknet markets.
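The delivery chain described above (a text message carrying a link, which in turn delivers an APK served over Tor) is something a defender can screen for in SMS records. As an added illustration, not code from the original article or from Heimdal, the following Python routine applies exactly those two indicators to a handful of constructed messages. The sender numbers, hosts and message text are invented for the example, and the gateway-style hostname check (a `.onion` label embedded in an ordinary domain name) is an assumption about how such links might appear, not something the article states.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Matches http(s) links inside free-form message text.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass
class Finding:
    sender: str
    url: str
    reasons: List[str]


def extract_urls(body: str) -> List[str]:
    """Return every http(s) URL found in an SMS/MMS body."""
    return URL_RE.findall(body)


def assess_url(url: str) -> List[str]:
    """Return the indicators a link matches, or [] if none apply.

    Two indicators come from the article: the link delivers an APK package,
    and the package is served from the Tor network. The second check also
    accepts a .onion label embedded in a clearnet hostname; that gateway
    pattern is an assumption of this example, not a claim from the article.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    reasons = []
    if path.endswith(".apk"):
        reasons.append("apk_download")
    if host.endswith(".onion") or ".onion." in host:
        reasons.append("tor_hidden_service")
    return reasons


def triage(messages: List[Dict[str, str]]) -> List[Finding]:
    """Flag every message that carries at least one link matching an indicator."""
    findings = []
    for msg in messages:
        for url in extract_urls(msg["body"]):
            reasons = assess_url(url)
            if reasons:
                findings.append(Finding(msg["sender"], url, reasons))
    return findings


# Constructed sample records: senders, hosts and text are invented for this example.
SAMPLE_MESSAGES = [
    {"sender": "+15555550101",
     "body": "Your parcel is waiting: http://placeholderonion.onion/track/update.apk"},
    {"sender": "+15555550102",
     "body": "Photo from last night http://example.com/photo.jpg"},
    {"sender": "+15555550103",
     "body": "Install the MMS viewer to read this message: http://203.0.113.7/mms.apk?id=7"},
    {"sender": "+15555550104",
     "body": "Meeting moved to 5pm"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        print(f"{f.sender}: {f.url}  <- {', '.join(f.reasons)}")
```

Run as-is, the script reports the first and third messages and stays silent on the other two. The point of keeping `assess_url` separate from `triage` is that the same indicator logic can be dropped into whatever export format a mobile device management tool or a forensic SMS dump actually produces.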
How to Protect Yourself from Mazar
Mazar is considered low-risk, but its consequences can be devastating and irreversible. Avoiding it is simple: do not install .apk applications from unknown sources (Android devices have a setting for this, and most users are aware of it). Naturally, you should also avoid clicking links in SMS/MMS messages; this is common sense.
However, as mentioned above, this malware does not work on Russian-language devices. So anyone considering purchasing it should think about their targets in advance. For those who use English as their primary language but know Russian, it's recommended to set Russian as the main language.
Despite its destructive potential, the media has reported on Mazar only once: an incident in Denmark in 2016.
Don’t Be Reckless
Even though this malware is considered low-risk, it should not be ignored. It's one of those threats that can drain your bank accounts through all your banking apps, bypassing two-factor authentication, which would be extremely frustrating. Of course, you have to click the link for it to work, and 95% of users won't do that. But the other 5%, perhaps careless or impaired at the time, might, and could lose their data as a result. Don't forget that the darknet is growing stronger, and data markets are expanding as demand skyrockets. That's just the reality.