After Svpeng, which was the first of its kind, “Marcher” is now one of the most prevalent Android password stealers. It is designed to steal mobile app credentials from customers of a variety of banks.
Marcher at a glance
It first appeared in late 2013, when its main aim was to steal Google Play credentials and payment card data.
In 2014, the writers’ appetite grew. Using the same tactic, they started targeting financial institutions, primarily in Germany, and the list of targets was later expanded to include France, Poland, Turkey, the United States, Australia, Spain, Austria and others.
In 2015 we meet Marcher again. According to an IBM Security report, 66 companies, including 62 banks, Google email services, PayPal and 9 major banks from the UK, are on the target list.
The problem with Marcher is that it can be created and customized for each individual actor, so it is entirely possible that other Marcher samples will expand the target list and hit other regions.
Marcher giveaway on underground web forums
Marcher has been present on Russian underground web forums for years and is now quoted at around $5,000.
How can you become a victim?
Marcher is disseminated to potential victims through PC adware, mobile adware, links spammed on microblogging and social media services, as well as links in spam email and SMS messages.
How does it work?
According to PhishLabs, just like almost every other Android Trojan, it tricks users by displaying custom-made overlay screens that are shown on demand by a remote server under the attacker's control. In this way, everything you type into the overlay page goes directly to the attacker.
It can hide itself so well that in some cases you might think you are clicking on a perfectly legitimate app, installer or site. This is shown by the fact that, according to PhishLabs, the newest sample was distributed as an Adobe Flash Player installer.
What can you do?
Zemana saw this coming and luckily found a solution. In order to protect banks and the customers using their services, we designed Zemana SafeOnline, which keeps you safe on desktop and Android devices from any kind of threat, even the most advanced ones.