Marcher Android Banking Malware Made to Attack Multiple Applications

Infections by a trojan, called Marcher, that hijacks applications via privilege escalation techniques has been reported to cause an immense amount of data collection and in the same time remaining undetected by security software.

The trojan has been reported by Softpedia researchers to be causing the infection via sending out phishing SMS messages as a part of the attack. These messages have an embedded web link that leads to a fraudulent version of an application that is popular, similar like an SMS advertisement. Once the user taps on this web link, the infection gains certain privileges. This happens by the app connecting you to a fraudulent Google Play Store site whose content is not safe. From there a fake app is downloaded which gains permissions by requesting them from the user.

Besides the admin privileges, the Marcher virus also obtains read and write permissions and can even tap onto the user’s call. The virus keeps notifying the user until he or she accepts the permissions and they are an unusual amount.

After the infection, the Marcher virus has been coded to perform an authentication via SMS forwarding, which most banks send out on the phones via the apps. It also has mechanisms that allow it to make a customized fake Window when a banking application has been run on a given Android device. The phishing Window is rather the same as most of the applications for banking out there, some of which are:

  • ErsteBank
  • Volksbank
  • Bank Austria
  • ING
  • DiBA Banking
  • Brokerage
  • Raiffeisen
  • DKB Banking
  • Santander
  • MobileBanking
  • Barclays
  • Lloyds Bank
  • Halifax
  • HSBC
  • Bank of Scotland
  • Banco de Brasil
  • ING Direct Australia Banking
  • PayPal
  • Garanti

There are also applications targeted that support online payment, like the Play Store, Facebook and other social media apps.

How Do I Protect Myself?

Since this virus uses a very dangerous evasive and obfuscation techniques that can bypass most Android protection phones, we advise you to avoid using such applications in the future and mostly use PC’s with a more secure OS (Linux, for example) to perform your online transactions. You can also get a separate phone that has a SIM card only for mobile internet and use it only for transactions. You can also secure the phone additionally by adding different applications, like BetterGuard mobile security app, for example.


Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share