Malware Mazar is wiping out all the data on Android phones from infection with a single text message.
Mazar arrives as a seemingly harmless multimedia message, while in the background malicious Tor software downloads on to the phone.
Tor, an anonymous internet browser, takes over administrator rights to control the phone to allow remote internet connections.
The software can then send more messages or make undetected calls.
Mazar is triggered by following a link in a text which reads: “You have received a multimedia message from +[country code] [sender number]. Follow the link [url] to view the message.”
Cyber security experts at a firm called Heimdal have tracked Mazar to more than 100,000 phones, mainly in Denmark and Scandinavia.
Banking data targeted
But in a clue to the bug’s origins, the software will not install on phone’s with Russian set as the default language.
Investigators at Heimdal believe Mazar’s main target is to access banking and other security details from a phone.
“Tor allows someone to use the phone anonymously in lots of ways,” said a spokesman for the firm.
“They can use the phone to access premium number web sites, send texts, read any data on the phone and even reformat the SIM card.
“If the hacker runs up a bill, the phone owner is liable.”
Dark Web trojan takes over phones
Heimdal says the best protection is not to click on any links received in a text, even if you know who the text is from, because the hackers could have taken over your contact’s phone.
The spokesman also stated that Mazar code was for sale on the Dark Web.
“Antivirus software finds the malware difficult to detect because the code is hidden by Tor,” said the spokesman.
Google, which develops Android software, cautioned phones could face Mazar security breaches, but explained the risk was small.
“More than a billion devices run Android and hundreds of millions of security scans are run every day to try to detect malicious software,” said a spokesman.
“In 2014, few than 1% of devices were attacked by a harmful app and only 0.15% were related to installation from Google Play.”