Marcher Android Banking Malware Made to Attack Multiple Applications

Infections by a trojan called Marcher, which hijacks applications via privilege escalation techniques, have been reported to collect an immense amount of data while remaining undetected by security software.

Softpedia researchers report that the trojan spreads by sending out phishing SMS messages as part of the attack. These messages, which resemble an SMS advertisement, carry an embedded web link that leads to a fraudulent version of a popular application. Once the user taps on this web link, the infection gains certain privileges. It does so by connecting the user to a fraudulent Google Play Store site whose content is not safe. From there a fake app is downloaded, which gains permissions by requesting them from the user.

Besides admin privileges, the Marcher virus also obtains read and write permissions and can even tap into the user's calls. The virus keeps prompting the user until he or she accepts the permissions, and it requests an unusually large number of them.

After the infection, the Marcher virus is coded to get past authentication via SMS forwarding, targeting the SMS messages that most banks send to phones alongside their apps. It also has mechanisms that let it display a customized fake window when a banking application is launched on a given Android device. The phishing window closely resembles the interface of most banking applications, some of which are:

  • ErsteBank
  • Volksbank
  • Bank Austria
  • ING
  • DiBA Banking
  • Brokerage
  • Raiffeisen
  • DKB Banking
  • Santander
  • MobileBanking
  • Barclays
  • Lloyds Bank
  • Halifax
  • HSBC
  • Bank of Scotland
  • Banco do Brasil
  • ING Direct Australia Banking
  • PayPal
  • Garanti

Applications that support online payment are also targeted, such as the Play Store, Facebook and other social media apps.

How Do I Protect Myself?

Since this virus uses very dangerous evasion and obfuscation techniques that can bypass most protection on Android phones, we advise you to avoid using such applications in the future and to perform your online transactions mostly on PCs with a more secure OS (Linux, for example). You can also get a separate phone with a SIM card used only for mobile internet and use it only for transactions. You can further secure the phone by adding security applications, such as the BetterGuard mobile security app.
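One way to check an app for the permission pattern described above before installing it, written as an added example (not code from the article or from the researchers it cites). It reads a decoded `AndroidManifest.xml`; the mapping from the article's behaviours to specific Android permissions, the `is_suspicious` rule and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping from the behaviours in the article to Android permissions.
RISK_GROUPS = {
    "sms_interception": {P + "RECEIVE_SMS", P + "READ_SMS", P + "SEND_SMS"},
    "storage_read_write": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
    "call_access": {P + "READ_PHONE_STATE", P + "CALL_PHONE", P + "PROCESS_OUTGOING_CALLS"},
    "overlay_window": {P + "SYSTEM_ALERT_WINDOW"},
}

def audit_manifest(manifest_xml):
    """Return {behaviour: matching entries} for a decoded AndroidManifest.xml string."""
    # A manifest from an unknown APK is untrusted XML; defusedxml is a safer parser for it.
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = {}
    for group, perms in RISK_GROUPS.items():
        hits = sorted(perms & requested)
        if hits:
            findings[group] = hits
    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN.
    admins = sorted(r.get(ANDROID + "name", "?") for r in root.iter("receiver")
                    if r.get(ANDROID + "permission") == P + "BIND_DEVICE_ADMIN")
    if admins:
        findings["device_admin"] = admins
    return findings

def is_suspicious(findings):
    """Assumed heuristic: device admin combined with SMS access."""
    return "device_admin" in findings and "sms_interception" in findings

# Constructed sample manifests (not taken from any real app).
SAMPLE_FAKE_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("fake app", SAMPLE_FAKE_APP), ("benign", SAMPLE_BENIGN)):
        print(label, is_suspicious(audit_manifest(xml)), audit_manifest(xml))
```

A hit is a reason to look closer, not a verdict: legitimate apps also request some of these permissions.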


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
