Mazar Android Bot: Threat or Not? Quick Threat Identification and Assessment Example

Mazar Android Bot: Threat or Not? Quick Threat Identification and Assessment Example

November 20, 2015 • Levi Gundert

On Monday, November 16 we released a white paper detailing the facets of a world-class enterprise threat intelligence capability. Proper identification and analysis of a threat’s relevance to the business is the fundamental responsibility of fulfilling a mandate to reduce operational risk.

A timely example of one such threat appears on the web in a recent Russian language post (a cyber crime forum) advertising the Mazar Android bot.

Mazar Android Bot Timeline

Click image for larger view.

At first glance, this bot appears to intercept SMS messages on victims’ phones and specifically mentions Sberbank.

Mazar Android Bot

Mazar Android Bot

Mazar is a city in Northern Afghanistan and also a Muslim shrine. Beyond the meaning of “Mazar,” significant time is needed to understand if the forum post author is credible, and if the actual bot and/or control panel can be located “in the wild.”

Depending on the first round of answers, derivative questions crop up, such as, if this bot is in fact legitimate, will it affect our employees or customers? Will it affect competitors in our industry? Are there currently any customers reporting fraud that includes the mobile channel? If current fraud is absent, is this a threat that deserves broad business awareness?

Time is our most valuable asset and sometimes funds are the better trade-off to solve problems like the above when potential threats appear daily in a volume that few organizations can manage.

New call-to-action

Related Posts

Automate Security Response With Cortex XSOAR and Recorded Future

Automate Security Response With Cortex XSOAR and Recorded Future

November 25, 2020 • The Recorded Future Team

Adversaries are using automation to scale their efforts and increase their success rates Staying a...

Security Intelligence Handbook Chapter 3: The Security Intelligence Lifecycle

Security Intelligence Handbook Chapter 3: The Security Intelligence Lifecycle

November 24, 2020 • The Recorded Future Team

Editor’s Note: Over the next several weeks, we’re sharing excerpts from the third edition of...

How to Apply Elite Intelligence to AWS Security Services

How to Apply Elite Intelligence to AWS Security Services

November 20, 2020 • The Recorded Future Team

Threat intelligence is a powerful tool to detect nation state-level activity, however many...