MazarBOT is a a new type of malware that has been discovered attacking Android phones, but the odd thing is, you are safe if you live in Russia. If you are not a resident, be wary of text messages with links.

Peter Kruse, a partner and security expert at security company CSIS, posted a detailed report of the activities of Mazar Android BOT, otherwise known as MazarBOT.

This is a malicious Android malware application (APK) that first came to light late last year when it was discovered being sold on Russian underground websites. It was up for sale on the Dark Web.

The method of attack use by MazarBOT is fairly common social engineering and people receive an SMS text message on their Android phone that says you have a multimedia message. You cannot see it, so you are asked to follow the link provided to view it.

Security savvy people know not to tap links in strange SMS messages from unknown people unless you are absolutely sure you know who the message is from and that it is safe, but some people are still caught out by this type of scam. If people are told to follow a link, some will do as requested.

Tapping the link downloads and runs the malware, which pretends to be an MMS messaging app judging from the screen. The malware then downloads another app to install TOR, a system for obscuring internet activity and make it untraceable.

The malware is able to send and read SMS messages and calls, read the phone state, erase the phone, open a back door to control the phone, inject itself into the Chrome browser and more.

An SMS is sent to a number in Iran by MazarBOT and this includes your location data.

Interestingly, the malware does not install and run if you are located in Russia.

For a very detailed report of this serious Android malware, go to MazarBOT: Top class Android datastealer

 Safety rules for Android users: Never tap links in SMS messages or in emails. Always get your apps from the Google Play Store.