Infections by a trojan, called Marcher, that hijacks applications via privilege escalation techniques has been reported to cause an immense amount of data collection and in the same time remaining undetected by security software.
The trojan has been reported by Softpedia researchers to be causing the infection via sending out phishing SMS messages as a part of the attack. These messages have an embedded web link that leads to a fraudulent version of an application that is popular, similar like an SMS advertisement. Once the user taps on this web link, the infection gains certain privileges. This happens by the app connecting you to a fraudulent Google Play Store site whose content is not safe. From there a fake app is downloaded which gains permissions by requesting them from the user.
Besides the admin privileges, the Marcher virus also obtains read and write permissions and can even tap onto the user’s call. The virus keeps notifying the user until he or she accepts the permissions and they are an unusual amount.
After the infection, the Marcher virus has been coded to perform an authentication via SMS forwarding, which most banks send out on the phones via the apps. It also has mechanisms that allow it to make a customized fake Window when a banking application has been run on a given Android device. The phishing Window is rather the same as most of the applications for banking out there, some of which are:
- Bank Austria
- DiBA Banking
- DKB Banking
- Lloyds Bank
- Bank of Scotland
- Banco de Brasil
- ING Direct Australia Banking
There are also applications targeted that support online payment, like the Play Store, Facebook and other social media apps.
How Do I Protect Myself?
Since this virus uses a very dangerous evasive and obfuscation techniques that can bypass most Android protection phones, we advise you to avoid using such applications in the future and mostly use PC’s with a more secure OS (Linux, for example) to perform your online transactions. You can also get a separate phone that has a SIM card only for mobile internet and use it only for transactions. You can also secure the phone additionally by adding different applications, like BetterGuard mobile security app, for example.