Wednesday, March 13, 2019
Home / Mobile / Malware / Marcher banking trojan overhauled, targeting UK banks

Marcher banking trojan overhauled, targeting UK banks

Marcher, which is sold on underground Russian forums for around $5,000, is an Android banking Trojan that’s been available since late 2013. The malware was first made to display phishing webpages on top of Google Play to fool users into passing over their bank card information.

Although, in March 2014, a new variation of the malware had been identified targeting banks in Germany. The list of targeted nations was eventually broadened to incorporate France, Poland, Turkey, the United States, Australia, Spain, Austria and many others.

IBM Security experts happen to be tracking the mobile banking Trojan and found that, in late May, its writers included nine leading banks in the U.K. to the roster of targets.

Aggregating Marcher configurations permits us to see a its top desired geographies.

Marcher targeting countries listed below:

Marcher targeted countries

The Trojan has been overlaying screens to acquire details from victims. Many times, the overlay screens are personalized for the targeted bank and are hardcoded or fetched from a server by the malware.

Even though the Trojan has mainly targeted mobile banking apps, it also has the ability to steal info from payment, airline, e-commerce and direct marketing apps.

Current list of applications the Trojan is targeting:

marcher targeted apps

As opposed to other Android banking malware, Marcher doesn’t only focus on apps. The phishing screens are visible both on top of financial apps and the bank’s website when individuals access it in an internet browser. Analysts found overlay displays being shown over Austrian and Australian financial websites.

Marcher also has the ability to intercept SMS messages and phone calls, which can be ideal for a few things. First, it permits attackers to forward messages and phone calls which contain info sent to the user by the bank’s two-factor verification system. Additionally, by getting control of SMS and mobile call applications, criminals could make calls and send messages to premium rate numbers to create an extra money source.

To stop yourself from being a victim, you can install any popular Android antivirus app.

About Kyle

Co-owner, writer and editor at Zerosecurity. Security and tech enthusiast. Programmer. Music lover and avid festival goer.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …