Malware “Mazar” Will Erase Your Data On Your Android Device…if You’re a Moron

hacking-android-phoneA Danish security firm has found malware that can, frankly, ravage any Android smartphone with a single text, potentially erasing all of your data, or sending rogue calls and text messages.

Denmark-based security firm Heimdal detected the malware, called “Mazar”, which sends text messages that include an ostensibly harmless multimedia message link to users. Click through, and it downloads Tor software to your phone, and then the actual malware, whose source the Tor software hides.

Heimdal thinks that over 100,000 phones have received the Mazar text in Denmark, the BBC reports, and the firm isn’t yet sure if it’s spread to other countries. But let’s be clear, because this is all sent through a text message, and clicking the link that’s in the text message does the “dirty deed”, this isn’t a case where it’s only affecting certain versions of Android. Mazar can infect ANY Android device.

Okay, so not exactly any device. In an odd twist, Mazar can’t infiltrate devices using Russian as their default language. Does this have anything to say about its country of origin? Well…that’d just be speculation, and it doesn’t really matter.

So should you learn Russian and change your phone settings to it as the default language to protect your device? While certainly learning Russian isn’t a bad thing, especially if you’re in to tech, setting your phone to a foreign language is a pretty extreme measure when common sense is enough.

I don’t know what kind of a lummox just clicks on any link that gets sent to them from a totally unverified and unknown number, but there’s really no good reason that Mazar should be accepted or spreading. Who the Hell just clicks on random links like that (children excluded from this point, of course, though please do teach them some digital etiquette if you’re any kind of parent)? It’s like it’s coming in an e-mail–I could almost understand how that could be at least confusing–but for people to just click on some random link from some random number? That’s ridiculous.

There’s a very old rule in the tech world, and it goes like this: “Unless you were specifically looking for it, don’t click on it”. That can be applied in a million ways, but in this case, unless you’re wanting to receive a picture or video or whatever else comes in a multimedia message from a certain someone–THAT YOU ABSOLUTELY KNOW WHO IT IS–don’t fucking click on that link.

And don’t say to me, “Well, Doc Sovryn, what if the SMS is from a secret admirer sending me a nudie pic or trying to at least be romantic with mystery?” Jack, let me make this real clear: Encryption, privacy, and security are the new sexy. If they’re not down with that, and if they don’t see sending random links from a random number as anything less than creepy…run the fuck away from that person. They are going to ruin your life in the future six ways from Sunday. There’s nothing sexy about “secret texts” with links in them.

What if the person “controlling” the Mazar malware, which can send text messages once they control your smartphone, infects the phone of someone you know and then texts you with the link? To some degree that may be possible, but that requires a degree of control that isn’t clear Mazar has over a device, and in general I recommend not messaging with SMS anymore anyway (minus Signal’s use of it), and I definitely don’t recommend sending links with SMS, as unlike other messaging software it doesn’t preview the link sent, which would’ve been an easy way to see that the link you’re getting is bullshit. So step out of the SMS paradigm (for sending links, anyways) and you’re fine.

Also, if you were going by Dark Android Project principles and only using a tablet and “dumbphone” combination as your mobile setup, there’s no chance that Mazar could infect your device because dumbphones don’t run Android, and tablets (generally) can’t receive SMS messages. You’re sound as a pound with that setup.

So look, Mazar is a clever and serious piece of malware, but its cleverness is based on you being a numbskull. And you’re not a numbskull, otherwise I don’t think you’d be reading this post.

Just relax, keep up your digital hygiene and there is no chance that Mazar will be wiping your phone or using it to send rogue calls or texts.

Carpe lucem!