
Beware this Android banking malware posing as a software update

Discussion in 'Mobile Phones & Devices' started by starbuck, Jun 23, 2017.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Latest version of the mobile malware can steal login credentials from at least 40 banking, retail and social media apps.


    A sophisticated banking trojan has once again developed new techniques in order to trick Android users into downloading the malware.

    It's the latest variant of Marcher Android malware and this time it's posing as an Adobe Flash Player Update.
    Having first appeared on Russian-speaking underground forums in late 2013, previous incarnations of Marcher have posed as a security update, a Super Mario mobile game and more.

    Uncovered by researchers at Zscaler Threatlabz, this version of the banking trojan is using new lure techniques to spread infections, including adult content and links taking advantage of hype around new mobile games.
    All of the malware downloads are accessed from third-party sites and not via the official Google Play store.

    Once the victim has opened the dropper URL, they'll be prompted with a message saying the device's Flash Player is out of date and needs updating.
    Of course, this is fake, but if the user goes through and downloads the payload, they'll become infected.

    Marcher even offers a step by step guide on how to disable security settings and allow the device to install third-party software - an option turned off by default on Android devices and a key way of protecting the user from malicious software.

    Once installed, the malware will immediately hide itself and remove its icon from the phone menu, and register the infected device with its command and control server.
    All of the meta information about the infected phone, including the installed apps list, is sent to the C&C server.

    The malware lies in wait for the user to open one of its targeted apps, but instead of the official, authentic login page, Marcher displays a fake overlay, allowing the cybercriminals behind it to steal login credentials and gain access to bank accounts and email services.

    Some of the apps Marcher provides fake login pages for include Citibank, TD Bank, PayPal, Gmail, Facebook, Walmart, Amazon, Western Union and more.
    The list of targets is in fact hardcoded into the malware payload, but the fake login pages can be changed by the authors as and when needed.


    Researchers note that unlike previous versions of Marcher, this variant is highly obfuscated, allowing it to bypass most antivirus programmes.
    Indeed, VirusTotal shows that it's caught under 20 percent of the time by virus scanners.

    "We have been seeing regular infection attempts for this Marcher variant in the past month.
    The frequent changes in the Marcher family indicate that the malware remains an active and prevalent threat to Android devices," said Viral Gandhi, senior security researcher at Zscaler.

    In order to avoid infection via Marcher and other Android malware which spreads itself from third-party websites, users should only download apps from trusted app stores such as Google Play - although the official Android market still doesn't keep malicious software out one hundred percent of the time.


    Source:
    http://www.zdnet.com/article/beware...-posing-as-a-software-update/#ftag=RSSbaffb68
     
  2. bob12a

    bob12a Senior Member

    Thanks for tip.
     
