Mazar Bot is hidden in mutimedia messages, and gains admin rights on a user's phone to read banking OTP text messages.
Reports are emerging that a new Trojan on the Android platform is capable of wiping your smartphone, but not beofre stealing your banking information.
Mazar Bot, as it is called uses multimedia messages with a hidden payload. Once you read the message, the Trojan is installed and gains administrator rights. That can give the virus the ability to do pretty much anything, but here's the kicker. What it does is scan your incoming SMS messages, thereby gaining randomly generated passwords and codes used to carry out transactions from your online banking account, part of the two-factor authentication traditionally in place.
According to The Register, security specialists at Heimdal Security warn that the Trojan is masquerading as a banking helper, and is being advertised for sale on various websites. The in addition, the code first showed up on websites in the Dark Web, and uses a TOR connection to carry out attacks.