Click to Skip Ad
Closing in...

One seemingly innocuous text message can wreck your Android phone’s security

Published Feb 16th, 2016 1:52PM EST
Android SMS Malware Attack Mazar Bot

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

There are plenty of malicious apps and bugs out there that are capable of doing irreparable harm to mobile devices, regardless of operating system. Only a few days ago, a strange “1970” bug capable of bricking iPhones was discovered, but Apple says that it’s going to fix it in a future update. On the other side of the aisle, researchers have found a new Android malware threat that can affect any device and it uses only a simple text message to destroy your phone’s security.

DON’T MISS: Grammys 2016: A complete list of all the big winners (and losers)

Experts from Heimdal found a text message that tells receivers that they have an MMS message from an unknown contact. The message includes a link where the receiver can view the message, but it’s actually a link to an app.

This is what such a malicious message would look like: “You have received a multimedia message from +[country code] [sender number] Follow the link http:www.mmsforyou [.] Net /mms.apk to view the message.”

Clicking on this link will install the official Tor app onto your phone, which allows hackers to gain access to your phone. Furthermore, a message to a number in Iran is also automatically sent from your number, with the words “Thank you” in it.

From there, Yahoo reports, hackers can erase the device, send SMS messages and make calls. The backdoor can be used to spy on phone owners, and even break two-factor authentication. Thus, hackers could target someone with such messages to steal access to online banking apps and credentials for other websites.

What can you do to avoid it?

“First of all, NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security product dedicated to this OS are not nearly as effective as they are on computers,” Heimdal says.

If you think you may have inadvertently clicked on one of these malicious links, then make sure you change passwords to all your services and consider having your phone inspected and reflashed by a security expert.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.