Skip to main content

New Android malware sweeps through Denmark

New Android malware sweeps through Denmark

Share this story

A new virus is hitting Android phones in Europe, uncovered by Heimdal Security. Called Mazar, the virus spreads through texts and, once installed, forwards all web traffic through a malicious proxy, allowing attackers to harvest sensitive details from the user's web activity. Heimdal tells the BBC the malware has already been sent to as many as 100,000 phones in Denmark, although it's difficult to say how far Mazar has spread from there. Notably, the virus is set to avoid any phone with the language set to Russian, possibly as a gesture to pacify Russian police.

The app relies on a number of bad security practices to spread. The virus arrives in a SMS message, and if users simply refuse to follow the link in the message, they will be entirely safe. Even once the link has been clicked, the virus can't install unless the user allows software from outside the Google Play Store, something most security guides advise against. The effects have only been verified for phones running Kit Kat versions of Android, but likely persist in older models.

Still, that doesn't seem to have slowed the spread of the Mazar virus, or helped the security firms trying to catch it. According to a scan on VirusTotal, only three of the top 54 virus databases detected the but on a scan. Now that Heimdal has gone public with its results, hopefully we'll see that number begin to rise.