
Many other popular Android apps targeted as well

 


 

The Android trojan known as Marcher has received an update which now allows it to show fake login screens and steal credentials for various popular Android apps.

 

Android Marcher appeared on the mobile malware scene in 2013 and initially had the capability of showing a fake screen on top of the Google Play Store app whenever the user started that application.

 

This screen asked the user to enter his credit card details, which the malware collected and sent to a C&C server.

 

Later in 2014, the crooks added the ability to phish for banking credentials, mostly from financial institutions in Australia, France, Germany, Turkey and the US.

 

Marcher update expands targeting capabilities

 

An update detected by mobile security firm Zscaler has revealed that in recent weeks, the trojan has added more items to its target list.

 

This time around the trojan's creators focused on popular Android apps instead of banking applications.

 

Marcher can now collect login credentials by showing a fake login screen whenever the user starts one of these apps: WhatsApp, Viber, Skype, Facebook, Facebook Messenger, Instagram, Twitter, Gmail, Line, UC Browser, Chrome, and the Play Store.

 

As with most malware these days, the stolen data is sent to an online server under the crooks' control.

While previously this data was transmitted in cleartext via HTTP, recent Marcher versions send it encrypted via an SSL-protected channel.

 

Infections occur via fake Android security updates

 

This most recent Marcher version reaches Android devices via fake app stores, but Zscaler has also detected crooks using non-official Google domains to spread the malware packed as a fake Android firmware security update.

 

In the past, the Marcher crew used to pack the trojan as Adobe Flash Player updates (which Android devices don't need or support) and spread it via SMS and email spam.

 

"These frequent changes clearly indicate active malware development that is constantly evolving -- making it the most prevalent threat to the Android devices," says Zscaler's Viral Gandhi.

 

Users should not install applications from outside the Play Store, even if the Play Store itself has been plagued with malware.

The chances of getting infected with malware are much lower via Play Store apps.

 


Rogue website delivering Android security update infected with Marcher

 

 

 

Source:

http://news.softpedia.com/news/marcher-android-trojan-can-steal-logins-from-facebook-whatsapp-skype-gmail-507497.shtml
