Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Marcher Android Banking Malware Made to Attack Multiple Applications

Infections by a trojan, called Marcher, that hijacks applications via privilege escalation techniques has been reported to cause an immense amount of data collection and in the same time remaining undetected by security software.

The trojan has been reported by Softpedia researchers to be causing the infection via sending out phishing SMS messages as a part of the attack. These messages have an embedded web link that leads to a fraudulent version of an application that is popular, similar like an SMS advertisement. Once the user taps on this web link, the infection gains certain privileges. This happens by the app connecting you to a fraudulent Google Play Store site whose content is not safe. From there a fake app is downloaded which gains permissions by requesting them from the user.

Besides the admin privileges, the Marcher virus also obtains read and write permissions and can even tap onto the user’s call. The virus keeps notifying the user until he or she accepts the permissions and they are an unusual amount.

After the infection, the Marcher virus has been coded to perform an authentication via SMS forwarding, which most banks send out on the phones via the apps. It also has mechanisms that allow it to make a customized fake Window when a banking application has been run on a given Android device. The phishing Window is rather the same as most of the applications for banking out there, some of which are:

  • BAWAG
  • ErsteBank
  • Volksbank
  • Bank Austria
  • ING
  • DiBA Banking
  • Brokerage
  • Raiffeisen
  • DKB Banking
  • Santander
  • MobileBanking
  • Barclays
  • Lloyds Bank
  • Halifax
  • HSBC
  • Bank of Scotland
  • Banco de Brasil
  • ING Direct Australia Banking
  • PayPal
  • Garanti

There are also applications targeted that support online payment, like the Play Store, Facebook and other social media apps.

How Do I Protect Myself?

Since this virus uses a very dangerous evasive and obfuscation techniques that can bypass most Android protection phones, we advise you to avoid using such applications in the future and mostly use PC’s with a more secure OS (Linux, for example) to perform your online transactions. You can also get a separate phone that has a SIM card only for mobile internet and use it only for transactions. You can also secure the phone additionally by adding different applications, like BetterGuard mobile security app, for example.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.