large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Beware this text message that could erase your Android phone

Android users are being warned to beware a text message that could wreak havoc with their Android phone.

The text message in question contains a link to an APK (Android Application Package) that, if installed, will give the people behind the malware administrator rights to the victim’s device. This will let the attackers send SMS from your phone, have access to your internet browser, make calls, read your text messages (and hence read authentication codes sent as part of two-factor authentication mechanisms used by online banking sites) and erase everything on your device.

So not good.

The text message in question – via Heimdal Security Blog – looks like this (with some details redacted): “You have received a multimedia message from +[country code] [sender number] Follow the link http:www.mmsforyou [.] Net /mms.apk to view the message.”

If you see this message, delete it immediately.

The malicious APK has been identified as the Mazar Android Bot. It was previously seen in another guise in November of last year.

It works by installing Tor on your phone, then unpacking and running it in order to connect to a server. It then sends a text message that reads simply “Thank you”. But this SMS includes your device’s location data.

Strangely, the APK won’t run on Android phones using the Russian language option.

Read more: New Android malware almost impossible to remove

So what do the experts advise? You should never click links in SMS or MMS messages. Go to Settings > Security and make sure the Unknown Sources option is turned off – this will stop your phone installing apps from anywhere other than Google Play. You shouldn’t use unknown and unsecured wi-fi hotspots, you should install a VPN on your phone, and install an antivirus.

Stay safe.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.