SAT News: Android Marcher Malware Steals Financial Info

Marcher is a sophisticated banking malware that steals users' financial information, such as online banking credentials and credit card details. The newest iteration is disguised as an Adobe Flash Player update and uses social engineering techniques to trick the user into disabling security features and allowing third-party apps to install.

Upon installation, the malware hides its icon from the menu, contacts the Command and Control server with information regarding the new infection, and then waits for the user to open one of the 40 targeted financial apps. Once a targeted application is opened, the malware quickly displays a fake login page that lures users into supplying their user credentials.

The consistent changes to this malware show that it is an ongoing threat to Android devices and will remain one for the foreseeable future. To avoid becoming a victim, download apps only from trusted app stores like Google Play. The "Unknown Sources" checkbox under the "Security" settings of your device, when left unchecked, prevents the device from installing apps from unknown sources.

The following is a list of financial apps targeted by the new Marcher variant:

com.android.vending

org.morgbigorg.nonem

com.google.android.gm

com.yahoo.mobile.client.android.mail

com.htc.android.mail

com.android.email

com.paypal.android.p2pmobile

com.chase.sig.android

com.suntrust.mobilebanking

com.wf.wellsfargomobile

com.citi.citimobile

com.konylabs.capitalone

com.infonow.bofa

com.morganstanley.clientmobile.prod

com.amazon.mShop.android.shopping

com.htsu.hsbcpersonalbanking

com.usaa.mobile.android.usaa

com.schwab.mobile

com.americanexpress.android.acctsvcs.us

com.pnc.ecommerce.mobile

com.regions.mobbanking

com.clairmail.fth

com.grppl.android.shell.BOS

com.tdbank

com.huntington.m

com.citiz
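Because the malware hides its icon after installation, the installed-package inventory is a better place to look than the launcher. The following is an added triage example, not part of the original article: it parses constructed sample output of `adb shell pm list packages -3 -i` and reports apps that were not installed by Google Play on a device that also carries apps from the list above. The sample package names `com.example.flashupdate` and `org.example.notes` are made up, and treating Google Play as the only trusted installer is an assumption.

```python
import re

# Subset of the targeted-app list on this page.
TARGETED = {
    "com.paypal.android.p2pmobile",
    "com.chase.sig.android",
    "com.wf.wellsfargomobile",
    "com.citi.citimobile",
    "com.infonow.bofa",
}
# Assumption: only Google Play counts as a trusted installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` output
# (third-party packages with their installer); not real device data.
SAMPLE = """\
package:com.chase.sig.android  installer=com.android.vending
package:com.paypal.android.p2pmobile  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:org.example.notes  installer=com.android.vending
"""

def parse_inventory(text):
    """Return {package: installer or None} from pm output."""
    apps = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            pkg, installer = m.groups()
            apps[pkg] = None if installer == "null" else installer
    return apps

def triage(text):
    """List sideloaded apps and the targeted apps present beside them."""
    apps = parse_inventory(text)
    sideloaded = sorted(p for p, i in apps.items() if i not in TRUSTED_INSTALLERS)
    present = sorted(TARGETED & apps.keys())
    # A device needs a closer look when both lists are non-empty.
    return {"sideloaded": sideloaded,
            "targeted_present": present,
            "review": bool(sideloaded and present)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A sideloaded package is a lead for review, not proof of infection; the result only narrows down which apps on the device came from outside the store.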
