MazarBOT Targets Android Phones – Unless They’re In Russia

Malware, or malicious software, includes everything from pop-up ads to the loaders that open the door to full-scale compromises of companies. A trip to the malware museum shows how software like Dridex can threaten not only banking systems but also your everyday smartphone. The latest malware on the Net is called MazarBOT, and it has a unique feature: it won’t install itself if you are in Russia.

MazarBOT had been advertised on certain forums for a few months but was never actually seen in use, until now. MazarBOT is a nasty piece of software that takes control of your Android phone, with a specific focus on people who use their phone for online banking. Peter Kruse, IT security expert and founder of CSIS Security Group, investigated the malware in depth and uncovered more about how it works.

The software has started to spread by sending a “swarm” of SMS messages to random phone numbers in Denmark, each containing a link to an Android package (APK) file whose contents are none other than MazarBOT. Able to intercept text messages, including those carrying two-factor authentication codes, MazarBOT is a nasty piece of work; upon successful installation it sends your phone’s location to a number starting with Iran’s country code.

If it detects that the phone is in Russia, however, the malware stops installing. This is initially thought to be an attempt to avoid drawing the wrath of Russia’s security services.

White Hat Hacker Tweaks Dridex Malware to Distribute Antivirus Software

The Dridex banking malware has been a huge headache for a large part of the financial and technology industries, but it seems there’s a white knight out there looking to turn the tables on this pesky infection. After a mysterious hijacking of the malware’s distribution servers, those servers have started dealing out legitimate installers for Avira Free Antivirus, thus helping to remove the infection from systems and hopefully clearing up a few other issues along the way. The bonus is that anyone careless enough to fall for the infection in the first place could technically come out cleaner on the other side.

The malware is most often spread through spam messages and malicious Word documents. One of the three most widely used trojans in the world, it targets online banking users and steals credentials before feeding them back to a server, where they can be used to take money and further information from the victims’ accounts. Agencies in the UK and US managed to disrupt the botnet last year, even going as far as indicting a man in Moldova whom they believe was responsible for the attacks, but in the long run this did little, if anything, to prevent the botnet from distributing the software.

Researchers at Avira recently noticed that the Dridex distribution servers had begun pushing an up-to-date Avira web installer instead of the trojan, which is obviously a great step in combating the problem, although how long this will last remains to be seen.

“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira, via email. “This is certainly not something we are doing ourselves.”

The only theory that makes sense so far is that a white hat hacker has hijacked the distribution servers and tried to turn the tables.

“I really think it is a hacker who has discovered how to do a good thing but perhaps with not strictly legal methods,” Kroll said. “If you think about it, there was a huge media announcement when Dridex was ‘taken down’ by the government authorities and a much smaller level of reporting on its return to the marketplace. That has got to be frustrating to some and might cause them to think: ‘The government tried to take it down, they could not, I can do something myself’.”

Either way, anything that slows this nasty bit of software is a good thing!

NCA Warning After Hackers Steal £20 Million from UK Bank Accounts

The UK’s National Crime Agency has urged the people of Britain to ensure they take adequate online security measures after a significant strain of malicious software allowed criminal hackers to steal an estimated £20 million from UK bank accounts.

The highly skilled malware developers are thought to be based in Eastern Europe. The details the malware collects are then exploited to steal money from individuals and businesses globally. The NCA has reported one significant arrest in relation to the multi-million pound scam, but only after thousands of computers, the majority of them Windows machines, had already been infected by the Dridex malware (also known as Bugat and Cridex).

Computers can become infected with the virus when users open documents in emails they believe to be legitimate. I myself have recently received emails claiming to be from PayPal stating: “Your PayPal account has been limited! Take a few moments to confirm your information. After you do, you can shop online and send money using your account.” After checking PayPal directly (not through the given link) I established that there was no such limitation on my account.

To avoid becoming an unwilling victim of the costly Dridex malware, the National Crime Agency is encouraging all internet users to ensure they have up-to-date operating systems and anti-virus software installed on their machines, to protect themselves from further cybercrime attacks. The NCA also urged users to visit the CyberStreetWise and GetSafeOnline websites, where it states a number of anti-virus tools are available to download to help clean up infected machines; these sites are also a great way to get further advice on how to protect yourself in the future.

Mike Hulett, Head of Operations at the National Crime Agency’s National Cyber Crime Unit, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”

What measures do you take to ensure your online security? Let us know in the comments below.

Thank you National Crime Agency for providing us with this information.