Mazar Android Bot: Threat or Not? Quick Threat Identification and Assessment Example

November 20, 2015 • Levi Gundert

On Monday, November 16 we released a white paper detailing the facets of a world-class enterprise threat intelligence capability. Proper identification and analysis of a threat’s relevance to the business is the fundamental responsibility of fulfilling a mandate to reduce operational risk.

A timely example of one such threat appears in a recent Russian-language post on a cyber crime forum advertising the Mazar Android bot.

Mazar Android Bot Timeline

At first glance, this bot appears to intercept SMS messages on victims’ phones and specifically mentions Sberbank.

Mazar Android Bot

Mazar is a city in Northern Afghanistan and also a Muslim shrine. Beyond the meaning of “Mazar,” significant time is needed to understand if the forum post author is credible, and if the actual bot and/or control panel can be located “in the wild.”

Depending on the first round of answers, derivative questions crop up: if this bot is in fact legitimate, will it affect our employees or customers? Will it affect competitors in our industry? Are there currently any customers reporting fraud that includes the mobile channel? If current fraud is absent, is this a threat that deserves broad business awareness?

Time is our most valuable asset and sometimes funds are the better trade-off to solve problems like the above when potential threats appear daily in a volume that few organizations can manage.
