Mazar Android Bot: Threat or Not? Quick Threat Identification and Assessment Example

November 20, 2015 • Levi Gundert

On Monday, November 16, we released a white paper detailing the facets of a world-class enterprise threat intelligence capability. Proper identification and analysis of a threat’s relevance to the business is the fundamental responsibility of fulfilling a mandate to reduce operational risk.

A timely example of one such threat appears in a recent Russian-language post on a cyber crime forum advertising the Mazar Android bot.

Mazar Android Bot Timeline

At first glance, this bot appears to intercept SMS messages on victims’ phones and specifically mentions Sberbank.

Mazar Android Bot

Mazar is a city in Northern Afghanistan and also a Muslim shrine. Beyond the meaning of “Mazar,” significant time is needed to understand whether the forum post author is credible, and whether the actual bot and/or control panel can be located “in the wild.”

Depending on the first round of answers, derivative questions crop up. If this bot is in fact legitimate, will it affect our employees or customers? Will it affect competitors in our industry? Are there currently any customers reporting fraud that includes the mobile channel? If current fraud is absent, is this a threat that deserves broad business awareness?

Time is our most valuable asset, and sometimes funds are the better trade-off to solve problems like the above when potential threats appear daily in a volume that few organizations can manage.
