This Scary Android Bug Could Erase Your Phone

Today, we have your periodic reminder not to click on strange links from strange people, or bad things could happen. The BBC reports that a powerful piece of Android malware dubbed Mazar has begun circulating in Denmark. The malware can take over administrator rights on your phone, which lets it do anything: make calls, read your private text messages, or even wipe your handset completely. The malware comes by way of a harmless appearing multimedia link in a text message. What the link actually does is download Tor, a system for browsing the web anonymously. Once that's installed, the malicious code is downloaded over Tor. Why the extra step? Tor keeps Mazar's source hidden, which makes it more difficult to track where this code is coming from in the first place. Security firm Heimdal estimates that around 100,000 phones have received the malicious text so far. For it to be downloaded, you'd need to click the link, and also have switched off a default device setting to only download software from trusted sources. With the latter setting in place, Mazar would not be able to download itself to your phone, even if you did accidentally tap the link. The Android platform is no stranger to malicious bugs. This past summer, the Stagefright bug threatened over 950 million Android users before Google patched the vulnerability. iPhone owners are also increasingly a target for spam and malware — often through text messages like this. Strangely, the Mazar bug can't be installed on Android phones with Russian as their default setting. But we don't recommend switching your phone's language if you're worried about this fairly isolated bug. Just be careful when texting with strangers, and double check your phone's security settings.