Malware Targets All Android Phones — Except Those In Russia

itwbennett writes: MazarBOT, a malware program that can take full control of Android phones, appears to be targeting online bank accounts. The malware has been seen advertised on Russian underground forums in the last few months and surfaced over the weekend. '[On] Friday, a swarm of SMSs were sent to random phone numbers in Denmark and likely elsewhere. The content of the SMS had the purpose of luring the recipient into clicking the provided link, which would serve up a malicious APK,' wrote Peter Kruse, an IT security expert and founder of CSIS Security Group. One interesting feature: 'MazarBOT will stop installing itself if it detects an Android device that is running within Russia,' writes Jeremy Kirk.

Obligatory

[Anonymous Coward]

In Soviet Russia, malware not target you

Russia refuses to police their country

[Anonymous Coward]

Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

Re:

[Anonymous Coward]

The country simply refuses to police themselves

They believe in freedom. They have an amendment to the constitution that deregulates malware writing.

Re:

[Archtech]

"I'd support sanctioning Putin directly to prevent him from entering the EU".

Wow, what a deterrent. That would really scare him.

As a matter of interest, why would he want to enter the EU?

Re:

[Ritz_Just_Ritz]

I suspect that when Putin enters the EU, he'll do it in a tank. 1/2 :)

Re:Russia refuses to police their country

[Flavianoep]

The Eurodisney is in EU.

Re:

[ultranova]

As a matter of interest, why would he want to enter the EU?

Putin's going to need asylum eventually. The whole reason he's causing trouble in Ukraine and Syria is that he's incapable of improving either Russia's or Russian's situation. He's trying to counter with the "you're under attack, rally under my banner, I'm kinda tough guy" gambit. It's backfiring due to the resulting economic sanctions making normal Russians even worse off, and even in the case of Putin managing to break the EU, the result will sim

Re:

[Runaway1956]

Putin - - - causing trouble - - - Ukraine - - -

Ukraine was content with it's normal corrupt government until the Cock brothers invested 14 billion dollars into destabilizing the country. That wasn't bad enough, but the Cock brothers installed a fascist government.

But, yeah, Putin is causing trouble. Got it.

Re:

[superwiz]

You do know that the only reason Russia accused the protests in Ukraine of being fascist is to pre-empt the most obvious comparison between Putin and Hitler. Russia has a text-book to-the-letter fascist regime. Even if Ukraine had some neo-fascist parties (as most Eastern European countries do), they don't even register on the radar when it comes to elections. Putin's invasion of Georgia was already frequently invoking comparisons to Hitler's Czechoslovakia. Ukraine would have been to Putin what Austria

Re:

[Runaway1956]

Whatever you say. I saw the images from Maidan. Skinheads, nazis, and white supremacists. I trust no one who has anything in common with Porkochenko, or that other damned fool from Georgia.

In this conflict, I'll side with the Russians. They may not be "good", but they are less evil than the Cock brothers and associates.

Re:

[superwiz]

Putin sells a lot more oil and wages wars around the world to continue selling oil than all the Koch brothers combined. Oh, there are movies showing people at maidan. I didn't see any skinheads. With so many sources of modern media, the fact that so few purported neonazis were even noticed says that you are way overexposed to a very small pre-selected amount of information. Because the non-skinheads completely dominate and drown out one or two skinheads that some Russian propaganda managed to find (and

Re:

[superwiz]

Honestly, I really don't get how you can bothered by a few crazies planted into a peaceful demonstration in Ukraine who were spouting xenophobic slogans, but you are ok with the RF government turning RF into a fascist state. Why do you care to hate enemies of RF if its biggest enemies are its own government. They are the ones who have turned the country into a prison again.

Re:Russia refuses to police their country

[Anonymous Coward]

Why is it that so much malware and online crime comes from Russia?

It isn't Russia specifically. I see enough malware coming from the US too.
The thing that is new here is that the criminals have realized that neither country gives a shit about what happens to people in other countries. Russia isn't going to bother with criminals that doesn't hurt their own population and they aren't going to let foreign police dick around. This means that by only targeting population in other countries the criminals know that there won't be an investigation.

Re:

[Anonymous Coward]

When it comes from the US it isn't called malware, it's called freedomware, thankyouverymuch.

Re:

[Bearhouse]

Partially true.
The real reason for this is also that the best way to get "disappeared" in pretty much all of the former USSR, (you think Russia is bad - try Belarus), is to piss of either Putin and his cronies or the local mafia.
Often the same thing, of course.
Now, imagine if some boss or his arm candy gets hit by this thing; the authors are going to be found and put to death in some public and painful way pretty fast...

Pot meet kettle

[sjbe]

Why is it that so much malware and online crime comes from Russia?

You could ask the same question about any large country including the United States. Russia in particular has a bit of the wild west going on and I think the authorities there might turn a blind eye if it negatively impacts rival countries.

The country simply refuses to police themselves, even when things are obviously illegal.

You mean like how in the US we have police straight up murdering black people without repercussions? Or how the NSA blatantly violates the constitution? Or how we imprison people in Cuba indefinitely without any trial? Yeah, Russia has some problems but it's not like our poop lacks odor...

I'd support sanctioning Putin directly to prevent him from entering the EU.

Umm, are you aware that Russia supplies much of the EU with huge amounts of oil and gas that cannot be gotten elsewhere quickly? All Putin has to do is shut off a key pipeline or two (which he has done a few times) and it gets awfully cold really fast in some parts of the EU. Furthermore actions like what you suggest are frankly kind of a juvenile response. Putin might be behind all of it (he isn't) but keeping the head of state of Russia arbitrarily out would accomplish very little and would actually do more harm than good in all likelihood.

Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

No it really wouldn't.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Bearhouse]

Brilliant. Let's go back to the Cold War and turn Russian into North Korea 2
Thus ensuring that the many, many decent and civilised Russian who rely on the Internet for objective news get walled-off like generations of poor bastards did behind the iron curtain.

Also, If NATO did precisely fucking nothing effective after the annexation of Crimea and the continuing atrocities in Ukraine and now Syria, do you really think they'll do something like you propose about Android Malware?

Re:

[edis]

They are already that, only much more. Whoever was following Russia's activities, taken in response of Ukraine trying to move westwards, could make very rich picture of their omnidirectional efforts to set this back. And with a chunk of "taken back" pieces of Ukrainian soil, they surpassed North Korea by far.

What NATO should do in a country, that is not even a member of that treaty yet? By unlucky chance, abused by Putin in very lucky manner.

Thieves they are.

Re:

[sociocapitalist]

Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

According to these sources, America was the leading source of attacks in 2015:
http://www.statista.com/statis... [statista.com]
http://www.enigmasoftware.com/... [enigmasoftware.com]

So be careful what you ask for :-)

Question

[ajarin]

Is that right? owh.... what's kind of malware

And the fix for it is....

[tekrat]

A patch for Android that makes all phones think they are in Russia!

Re:

[OzPeter]

A patch for Android that makes all phones think they are in Russia!

All your phone are belong to us?

iPhone '70

[Thud457]

Just set your phone's system date to 1-1-1970. That way, it doesn't know the Iron Curtain has fallen, and the malwares thinks it can't get into your fone.

Re:

[Chris Mattern]

All your phone are belong to us?

In Soviet Russia, you are belong to all your phones!

Re:

[FatdogHaiku]

Interestingly, the first link really talks mostly about Linux as a target, the word Android is not on the page.
I find this more disturbing than a phone attack... in an "all your base are belong to us" sort of way.

An old trick in a new world..

[evolutionary]

Here...phishy, phishy, phishy, phishy....

How is this even a thing?

[Gumbercules!!]

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:

1. Get an SMS with a link in it.
2. Click the link.
3. Get redirected to a website (which Chrome doesn't block).
4. Download an APK from that site.
5. Attempt to sideload it.
6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
7. Go disable default security options.
8. Sideload the APK.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

Re:

[LordWabbit2]

People who want stuff for free. It's amazing what loops people will jump through to save themselves a couple bucks.

Re:How is this even a thing?

[Killall -9 Bash]

Ever root your android phone? Because unless you really REALLY know what you're doing, you're just downloading things and following instructions (which is why I'm not bothering to root mine).

People who root their phones are doing exactly this, although with (allegedly) non-malware payload.

Re:

[Gumbercules!!]

I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.

Re:

[Wrath0fb0b]

I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.

And that package is code-signed by whom?

Because I'll grant that Cyanogen (or ...) deserves some trust. What's missing is the part where some entity verifies that the thing to be installed actually originated from the person(s) that are trusted.

Re:

[jrumney]

Many of the tools, while they come from regular forum contributors who have built up a reputation for honestly giving owners control over their devices without any dirty tricks attached, are however hosted on some pretty awful ad-malware infested download sites. As long as you can check the GPG signature, you should be fairly safe with the rooting software, but you'd better make sure your browser is up to date and using ad-blocking before you download it.

Re:How is this even a thing?

[CaptSlaq]

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link? Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to: 1. Get an SMS with a link in it. 2. Click the link. 3. Get redirected to a website (which Chrome doesn't block). 4. Download an APK from that site. 5. Attempt to sideload it. 6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK). 7. Go disable default security options. 8. Sideload the APK. WHO THE FUCK FALLS FOR THIS SHIT?!?! Seriously? How the hell do people successfully find idiots who will do that kind of thing?

Amazon is already priming the pump for this: Underground and Prime video require sideloading.

Re:

[gstoddart]

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Apparently, quite a few people.

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

For the same reason spam has never gone away, and all those scam calls everybody gets, it's simply a numbers game ... a 1-2% success rate can make it worth doing it. So, those people calling from "teh Microsoft Support", or "Rachael from Cardholder Services", or that "you've won a cruise", or that Nigerian prince scam ... if they didn't pay off, they'

Re:

[apoc.famine]

For the same reason spam has never gone away....it's simply a numbers game.

It is, but I don't think that it's the same numbers game you think it is. My unconfirmed suspicion (because I have no idea how you'd test this theory) is that spam doesn't work. However, it's cheap to send a shitton of it, and there's a fairly low barrier of entry.

Where I suspect spam makes its money is when sleazeballs see spam they, like you, think it's a number's game. At which point they decide to shell out some money to a spammer to spam something. Who is going to spread the word that they tried spammi

Re:

[Big Hairy Ian]

There are plenty of idiots who fall for this kind of shit all the time they're called voters

Re:

[wbr1]

Many cheap Chinese tabs and phones come with sideloading security turned off. They also have adware baked in.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[wkwilley2]

If they weren't out there, everyone in IT would be out of jobs and these problems woudn't exist.

We would actually have to talk about important things like how the government is screwing us everyday.

Re:

[tlhIngan]

Well, the "Allow non-market apps" checkbox is probably checked if the user uses Amazon or Humble Bundle apps, which require sideloading.

And rooting may be done by a user who finds they need to do it in order to install some APK they found on the web. Perhaps to avoid paying the 99 cents on the Play Store so they downloaded it elsewhere for free.

As for clicking the link to the APK and downloading/installing, it's trivial to do. There are categories of apps you can say the APK does that will get people to ins

Re:

[Shawn Willden]

...
8. Sideload the APK.

Don't forget, you also need to disable Verify Apps, the built-in malware scanner.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Hardly anyone, actually. Watch for the "State of Android Security" paper that should come out in the next few weeks for more detail, but the fact is that very, very few Android devices have any malware on them. Last year's numbers, IIRC, were on the order of 0.1% of devices, and that's with a pretty broad definition of "malware" ("Potentially Harmful Apps" is the term Google uses).

Full disclosure: I work for Google, on Andro

Re:

[rsborg]

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:

1. Get an SMS with a link in it. ...
8. Sideload the APK.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

I think you underestimate how easily the random user follows directions claiming to give them access to something they normally don't or shouldn't get (i.e., pirated content, pr0n, free money). Combine with strong restrictions from government, corporate or parental overlords and it's fairly easy to scam people to do all sorts of bad things for a free token (because part of the reaction is "fuck this, I deserve free shit")

Good Thinking!

[Bob_Who]

...Clever Estonians

Re:

[Bob_Who]

The revenge against some imperialistic lunatics in Russia for wanting to side-load Estonia?

LOL.... That too!

I was thinking more like, "Putin won't care if we rob the west with malware so long as it never steals a ruble from the motherland."

It was more of a "don't poke the sleeping giant" sort of logic.

Re:

[BronsCon]

It's downmodded because of who posted it. In this instance, I have to say it should be modded up because it's actually useful information (well, 2/3 of it) but, after a tiff with the poster which resulted in me losing a fair bit of karma, I don't have available mod points to correct it; had I not been stabbed in the back, this would not be the case.

Instead, I'll just post (and without the karma modifier that will get my post in front of more eyeballs) to suggest that those with mod points make the correct

Re:

[MobileTatsu-NJG]

Pftbtbt... this isn't real malware because it requires side-loading, and everyone knows that's super dangerous so you should only use the wall^H^H^H^H store. Let's meet over in the next thread so I can tell you about how awesome Android is because you can sideload apps!

Re:

[BronsCon]

Sideloading is both perfectly safe and extremely dangerous at the same time. App I developed myself? Perfectly safe to sideload. Random app off the internet? Dangerous without implicit and properly-placed trust in the developer. App developed by my employer? Well, that depends on the employer and why they want me to install the app, but I'm probably safe there.

God Damn APK

[Anonymous Coward]

This APK guy is a real problem. First he fucks up Slashdot with his spam and now he's highjacking Android phones all over the world? This is just unacceptable!

Don't open crap

[p51d007]

I block crap I don't know who its from, simple as that.