Home GoAndroid Marcher Malware Hitting More Retail Apps on Android

Marcher Malware Hitting More Retail Apps on Android

Jun 25, 2017

We told you a while back about the Marcher malware that was hitting Android devices. Previously, the Marcher malware was pretending to be a fake Adobe Flash Player update. Now, this malware is evolving to include the ability to steal various login credentials from popular retail stores, and it is also targeting more banking apps. If you have an Android device, read on to learn more about Marcher malware and how this Trojan virus has been evolving over the past few months.

Marcher Malware Can Steal Retail Login Credentials on Android

The biggest threat with the Marcher malware at this point is that it is now targeting retail stores and the login credentials for those retail stores on Android devices. Marcher is a Trojan you know of because we told you about the threat as it would pop up as a fake Adobe Flash Player update. This malware is now getting even more creative on Android, moving past acting like the fake Super Mario Run as it did earlier this year.

There is a new trick with the Marcher malware now, which is that it is using links for various new games and also various adult content. The adult content obviously would be in the more pornographic nature, often acting like it is a adult-oriented video. While it is true that these new games and adult-oriented content are not found on Google Play Store, it is still causing a huge issue because the malware is on third-party App Stores and websites.

Once the Android user has been duped into downloading the fake app, you get that same fake window alerting you that you need to download an update for Adobe Flash Player. Once you click on that to download the fake Adobe Flash update, the code of malicious intent is then delivered into your Android device. At that point, your Android device is infected with the Marcher malware.

Why Marcher Malware is Bad News

When you think about why Marcher malware on Android is so bad, there are quite a few issues that cause this to be a big deal. The biggest thing is that the Marcher malware disables the various security on the device, and then the icon will no longer be on the screen. You will then open the app and the device information is then sent out to what is known as a Control Center. From there, fake login webpages are created for the various apps, such as Yahoo, Google, Facebook, Walmart, PayPal, Chase Bank, TD Bank, and Amazon.

Once the fake login pages are created, the user will enter their information as they normally would, but you are not entering the login credentials on the real app. The fake app looks identical to the real app, so it is very hard to tell you are being duped. Obviously, the hackers having your login information to sensitive financial places like banks, retail stores, and the like is bad news for you. The hackers will have access to your accounts online, and from there, can do anything they want.

There were about 1.3 billion people who had an Android device at the last count, which was about a year ago, so that number has likely grown significantly since. If you think about the fact that 1.3 billion people have an Android device, you can imagine the headache and horror of that many people having an infected app on their device stealing their personal and financial information.

Since more people own Android, the fact that malware is being created and possibly put out to this extent is really a problem for those developing Android apps. Since Android as an operating system is easier to get into than iOS, that is why we are seeing so many hackers target the system. The ease of getting into Android is so easy, and not to mention that Android has significantly more people using it.

Protecting yourself from the malware like Marcher is still fairly easy to do, and requires little more than some common sense. Simply do not download apps from third-party app stores, and that will solve a lot of the problem. You also should ensure that when you download an app from Google Play Store that you read the reviews, you look at the developer website and make sure that the developer is a legit Android app developer before downloading any app.

You want to do your homework when it comes to the apps on Android, especially if you are someone who is new to technology and new to the Android system overall. Putting anti-malware and anti-virus programs on your Android device will also help control the ability for things like Marcher to get onto your device, and it will alert you if the app is suspected of being fraudulent or a Trojan.

  • Malware has been the real and important issue to the Google hitting various users in the application now in retail application. Google should address this issue maturely and take instant action for blocking these malware in the various applications.