Android Trojan Marcher Continuing Attacks Using SMS

Feb 13, 2017

The Android banking Trojan known as Marcher has been around for a while now. Attacks on Android devices are beginning to increase, though, and phishing attacks are now happening through MMS and SMS messages. If you have an Android device, read on to learn how the Marcher banking Trojan is growing and evolving into a real issue for Android.

Android Trojan Marcher Increasing Attacks

It was only a few days ago that the Android banking Trojan known as Marcher began attacking Android devices through a fake Super Mario Run game. Now it appears that Marcher is becoming even more brazen and evolved, as it is increasing its attacks through MMS and SMS. These attacks lead to the hackers being given privileges that could ruin your Android device.

In the phishing scam, a fake window is put over the top of your real banking app, and that is how the hackers are gaining access to your financial information. You think you are putting in your credentials to your banking website, when in reality you are putting your information in the fake window and your information is being stolen.

All of this happens without any virus protection or software being able to catch onto the Marcher Trojan. The Securify researchers say that the phishing attacks through MMS and SMS are the beginning of the attacks. The attacks will give you fake versions of apps you use all the time, such as Netflix or WhatsApp. There is a link in the MMS or SMS message, but instead of directing you to Google Play, that link actually goes to a third-party store. If your Android device has the third-party store option disabled, you will not end up at the third-party website. However, if you have third-party apps and stores enabled on your Android device, you are taken to this website, where fake apps are downloaded and installed on your device.

Once these fake apps are downloaded onto your device, they ask for Android privileges. These are not the normal privileges you would see for these apps. Some of these privileges are admin rights for the device, which really should set off a warning, but most people still do not think that is an issue. Other privileges are internet permissions and the read and write options on SMS. The app will keep bothering you if you first decline to give these privileges, and at a certain point you end up granting them to get the app to stop asking.
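The permission combination described above can be checked on an app's manifest before the app is allowed onto a device. This is an added example, not code from the article or from the researchers it cites; it assumes the manifest has already been decoded to text XML (for instance with apktool), and the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"
SMS_PERMS = {f"android.permission.{p}_SMS" for p in ("READ", "WRITE", "RECEIVE", "SEND")}
INTERNET = "android.permission.INTERNET"
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

def triage_manifest(manifest_xml: str) -> dict:
    """Report which of the three privilege groups a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NAME) for el in root.iter("uses-permission")}
    # Device admin is not a uses-permission entry: the app declares a receiver
    # guarded by BIND_DEVICE_ADMIN and then prompts the user to activate it.
    admin_receivers = [r.get(NAME) for r in root.iter("receiver")
                       if r.get(PERMISSION) == BIND_ADMIN]
    result = {
        "package": root.get("package"),
        "sms": sorted(requested & SMS_PERMS),
        "internet": INTERNET in requested,
        "device_admin_receivers": admin_receivers,
    }
    result["suspicious"] = bool(result["sms"] and result["internet"] and admin_receivers)
    return result

# Constructed sample manifests (hypothetical packages, not real malware samples).
FAKE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (FAKE_PLAYER, BENIGN):
        print(triage_manifest(sample))
```

The `suspicious` flag is a triage signal rather than a verdict: legitimate apps can request these privileges too, so the useful question is whether a video or chat app has any reason to ask for all three at once.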

Marcher will then continue to run in the background and control your Android device as the admin. The main goal of Marcher is to get your banking information using the SMS forwarding option. Overlaying fake windows over the top of the normal windows on apps is also a goal, and both of these things are done quickly once the app has been downloaded and installed and the permissions are granted. Your information is then stolen and either used to get money out of your account or sold through the internet. All of your credit or banking information, such as account numbers, is part of this, and you will never get any warning signs that you are entering this information into the overlay apps.

There are a ton of banking apps that are targeted by Marcher. Some of them include PayPal, BAWAG, Citi Mobile, Barclays, and Garanti. Some of these banks are located within the United States, while other banks are out of the country in Austria and Australia. Overall, there are 117 banking apps that are targeted by the Marcher Trojan. Beyond that, Instagram, Google Play Store, WhatsApp, Netflix, Gmail, Amazon Shopping, Viber, and Facebook are all targeted as well, due to the credit card information that could be on these apps.

Security companies like Bitdefender have come out to say that there is not much that you or the security companies can do to stop Marcher on your Android device. The main thing is to never install or download any apps from third-party app stores. Only use the official Google Play Store to download and install apps. You should also check app reviews and look online to see if people have reported the app to the community if you think there might be an issue.